ExPetr/Petya/NotPetya is a Wiper, Not Ransomware
After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made.
This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware.
|Further details can be found at https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/