There is something very "Russian" about how the creators of Petya Ransomware reacted to their own global cyberattack last Tuesday, because on Wednesday, they came out to offer help to those people who could no longer recover their files. One recollection of a similar gesture was when Russian President Vladimir Putin said that they would help the United States Congress by providing them with evidence of Trump disclosing highly-classified information to them. There is no doubt that the gesture was meant to mock the U.S. over their concern that President Trump gave Russian officials highly classified information when they were visiting the White House in early May.
Who's responsible for global cyberattack?
The author(s) of the ransomware, Janus Cybercrime Solutions, appears to be somewhat neutral with their involvement of authoring their malware that was at the center of a global cyberattack last week. The attack first hit the Ukraine before hitting other targets. President Trump's Homeland Security Adviser Tom Bossert (who was on ABC News' "This Week") was asked about Russia's involvement, where he said "shame on them" if they were involved. As for Janus' neutral stance, they create these "powerful exploits" only to put them in the hands of people who can do what they want with them. In a sense, it's very much like the approach to open source coding where anyone who knows what they're doing can get involved to develop software.
Two types of malware
If the gesture itself was designed to confuse then the reports became even more confusing when another piece of malware called "NotPetya" was also released which is considered to be a wiper of files rather than the ransomware that locks files and offers to release them for a price. This would indicate that Janus Cybercrime Solutions had a reason to separate themselves from any association with the wiper malware.
The analysis on both of these pieces of malware was that Petya is part of a criminal enterprise to make money while NotPetya was designed to cause real damage.
we're back havin a look in "notpetya" maybe it's crackable with our privkey #petya @hasherezade sadly missed ;)
— JANUS (@JanusSecretary) June 28, 2017
There is no doubt that cyber crimes are growing, with more reports of these cyberattacks.
This is especially true because Janus launched a service that gives other criminals access to ransomware distribution platforms via the darknet which only encourages this kind of behavior. The way that Janus reportedly operates is that they work within a traditional business model where they charge a fee for their service, provide tools for their customers, and even offer technical support. In fact, despite the kind of headlines and criminal activity they've put on display, they even had a Twitter account, which -- much like the Trump presidency -- tries to act as if this is normal when it is anything but.