Crime group behind “Petya” ransomware re-emerges to distance itself from global cyberattacks this week

30 Jun 2017

Janus Cybercrime Solutions, which was behind the Petya ransomware initially linked to Tuesday's global cyberattacks, re-emerged on Twitter late Wednesday, seemingly offering to help those whose files could no longer be recovered.

According to commentators, the altruistic gesture was rather uncharacteristic of the criminal syndicate that launched an underworld enterprise by placing powerful exploits in the hands of others to deploy as they saw fit.

They add that it might also simply indicate that Janus would prefer not to be tagged with the spread of "NotPetya", so named by Kaspersky Lab, which had itself sought to differentiate between Janus' ransomware and the one which wreaked havoc across Europe this week.

There was now consensus among malware experts that NotPetya was actually a wiper - malware designed to inflict permanent damage - not ransomware like Petya, which gave its victims the option of recovering their data for a price.

A security researcher going by the name "the grugq", who was the first to offer an analysis, wrote: "The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of 'ransomware.'"

Meanwhile, a top Ukrainian police official told Reuters yesterday that the primary target of the crippling computer virus that spread from Ukraine across the world this week is highly likely to have been that country's computer infrastructure.

Cyber security firms have been trying to figure out who was behind the computer worm, dubbed NotPetya by some experts, which had paralysed thousands of machines worldwide. The attack had led to the shutting down of ports, factories and offices as it spread through internal organisational networks to an estimated 60 countries.