The cyber attack that broke many of the world's biggest companies was intent only on destruction.
Experts say that initial suggestions that the software was being used to make money may have been a distraction. The software might instead be part of a plan simply to cripple as many systems, companies and countries as possible, they said.
The software itself suggested it was ransomware – when it was loaded up and had taken over users' computers, it asked for money to get the files back. But actually paying that money wasn't possible, and so it generated a tiny amount of cash.
Instead that ransom might have been a way of hiding the true motives of the people behind the malware.
"It is clear that this was targeted indiscriminately at Ukrainian businesses, and the Ukrainian government," Jake Williams, president of the security firm Rendition Infosec and a former member of the U.S. National Security Agency's elite cyberwarfare group, told The Associated Press in an online chat. "The 'ransomware' component is just a smokescreen (and a bad one)."
The attack started in Ukraine before making its way quickly and indiscriminately across the world. But the country took most of the brunt of the attack, with banks and other important infrastructure having their systems taken offline and so being unable to function.
"There is still a lot of damage, especially in banks," said Victor Zhora, CEO of the Kiev cybersecurity firm InfoSafe. "ATMs are working (again) but some bank operations are still limited." He estimated damage in "the millions of dollars, perhaps tens of millions."
And that's just in Ukraine. Microsoft said the malware hit at least 64 nations, including Russia, Germany and the United States. "I expect that we will see additional fallout from this is the coming days," said Williams.
The ransom system appeared to have been set up very badly, if attackers were aiming to make money. They asked victims to send proof that they had handed over cash to one specific email address – but that address was frozen by the provider within hours, taking it offline, and leaving the attackers making only $10,000.
Some security researchers said that the people behind the attack wouldn't even have been able to unlock encrypted computers, even if they wanted to.
Researchers have said that it's possible the attack came from Russia, and perhaps within the Russian state. Clues include the timing – the attack came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating the new Ukrainian constitution signed after the breakup of the Soviet Union
"Everything being said so far does point to Russia being a leading candidate for a suspect in this attack," said Robert M. Lee, CEO of Dragos Inc. an expert who has studied the attacks on Ukraine's power grid.
What's most worrisome and reprehensible, said Lee, is that whoever was behind the attack was unconcerned about the indiscriminate, collateral damage it caused — much of it within Russia itself. That's highly unusual behaviour for nation-states.
Additional reporting by Associated Press
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies