Ransomware is a type of malware that encrypts your files and asks for a ransom in return. It is obvious that the motivation behind such an attack is for hackers to fill their wallets… right?

Not so simple.

There is some division about this in the security community. Some people believe that the ‘ransom’ part is a distraction to hide the ulterior motives.

Why do we think this, and what are the ulterior motives?

First off, the latest two ransomware outbreaks (WannaCry and Petya/NotPetya) did not collect a huge sum of money.

So far, the WannaCry virus, which caused billions of euros in damage, has collected a grand total of 377 payments after infecting about half a million computers in over 150 countries. The total in their bitcoin wallet is just over 10,000 euros. The Petya (NotPetya) virus has collected a similar, but smaller amount. This is not a very large sum of money. To add to this, bitcoin transactions are public, so there are quite a few challenges that the hackers face in order to ‘cash out’ and spend this money. It's hardly worth the hassle.

The WannaCry virus did not collect much money, mostly because it was neutralized early (due to a kill-switch in the virus itself!). Petya suffered from two shortcomings: first, there is doubt that the decryption actually works, and second, the mechanism for collecting/verifying payments was easily thwarted, making ransom payments useless.

Apart from this, both viruses initially targeted specific organizations. WannaCry went after health services, transportation and telecoms. Petya went after banks and infrastructure.

It looks like more effort was put into the destructive nature of the virus than in the ransom collection itself.

Why would hackers do this? They want to show power, they want to cripple their enemies, they want to destroy their opponents for the sake of doing so. These are all elements of Cyber Warfare.

There are other elements at play, including industrial espionage and new conspiracies about anti-virus companies wanting to push products. I will cover these topics in a later post.

Until then, I want to thank /u/kermekx and others for contributing to this discussion!