The Petya ransomware was designed to lock files on the infected computer and demand payment from victims to get their files unlocked. Following the launch of the Petya ransomware attack around the world last week, Microsoft’s telemetry data has now shed some light on the scale of the wormable ransomware attack. As it turns out, the attack was quite a bit less widespread and more targeted than expected, particularly when compared to the WannaCry attack that rocked hundreds of thousands of computers just last month.
Even though this attack is more sophisticated, telemetry shows that the attack ‘had far less reach than expected given its worm-like spreading capabilities’, according to Microsoft. And though computers around the world were impacted, more than 70 percent of the affected machines were based in Ukraine, where the attack started. Lastly, Microsoft says, the majority of infections were seen on Windows 7 machines.
From its analysis, Microsoft says that the limited reach appears to be by design. The malware intentionally limits the time it has to spread to other machines before the computer is rebooted. This view aligns with other reports and analyses suggesting that Petya may actually have been a state-sponsored attack targeted at Ukrainian digital infrastructure.
Microsoft says that it is stepping up efforts to protect Windows 10 users against such attacks, and indeed there are a number of security enhancements in the OS — as well as some on the horizon — that act as a layer of protection. Still, the increasing frequency with which attacks are occurring, as well as their sophistication, should be of concern for everyone.