Sign up for our daily briefing

Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa Bay news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa Bay

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Charlotte news in your inbox

Catch up on the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Ng Han Guan / AP

The "ransomware" attack that struck Ukraine and has since spread to about 65 countries might not be a regular ransomware attack after all. Instead, its code indicates it is more like a "wiper," according to Matt Suiche, founder of cybersecurity startup Comae Technologies.

What it means: "The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money," Suiche writes. Instead of just encrypting files when it infects a device, this hack encrypts your entire hard drive and the Master Boot Record so that it is totally inoperative, according to Radware. This also causes the whole computer to restart.

  • Microsoft points out that this hack, sometimes called GoldenEye, is a new variant of Petya, which CNET reports has been sold on forums in the dark web since last April.

Why it matters: For one, as CNET's Alfred Ng writes: "Compared with GoldenEye, WannaCry (a ransomware attack in May) looks like it was written by amateurs." Second, Suiche believes the hackers went to the trouble of making it look like ransomware attack to "control the media narrative" to scapegoat an unknown hacking group instead of what it actually might be — a state hacker. (State hackers usually don't use ransomware.)

One big caveat: As Bret Padres, a former intel official and CEO of The Crypsis Group tells Axios, "a just as plausible explanation is that this is a coding error" that makes it look like a wiper and not a simple ransomware hack.

What else we've learned in the last day:

  • The hack hit 65 countries, including Ukraine, Russia, Denmark, Spain, India, Germany, U.K., U.S. and France, according to a Microsoft analysis. It is still impacting ATMs in Ukraine and Pennsylvania's Heritage Valley Health System, per NPR.
  • There is no "kill switch" for this hack (there was one for WannaCry).
  • GoldenEye was spread, in part, through Ukrainian tax accounting software, Symantec reports, adding that it's "interesting" that the attack began on a Ukrainian national holiday, Constitution Day.
  • The hackers aren't attempting to attack random IP addresses (as WannaCry did) and instead targeting mostly financial institutions in Ukraine, per Symantec.
  • Motives: Since the hackers set up a poor payment system, the goal appears to be to cause damage rather than to collect ransom (the point of contact was through an email suspended by the host, and there is only one Bitcoin wallet listed to receive money, making the operation appear uncoordinated and weak).

What to watch now: The Bitcoin wallet that the hackers were going to use to receive payments, which law enforcement will be watching, too, to see if the attackers will somehow reveal themselves. Plus, expect hacking to come up during NATO meetings tomorrow in Brussels. Last year NATO decided a cyber hack could trigger its mutual defense protocol, Article Five.

Go deeper

Ina Fried, author of Login
50 mins ago - Technology

Google's parent shuts down effort to deliver internet via balloons

Image: Loon

Alphabet is shutting down Loon, one of its "moonshots," which aimed to deliver internet service via high-altitude balloons.

Why it matters: The effort was one of several approaches designed to get high-speed connectivity to some of the world's most remote spots and proved useful in the aftermath of disasters that shut down traditional infrastructure.

Dave Lawler, author of World
1 hour ago - World

What has and hasn't changed as Biden takes over U.S. foreign policy

Photo Illustration: Brendan Lynch/Axios. Photo: Chip Somodevilla/Getty Images

President Biden swiftly recommitted the U.S. to the Paris climate pact and the World Health Organization, but America's broader foreign policy is in a state of flux between the Trump and Biden eras.

Driving the news: One of the most striking moves from the Biden administration thus far was a show of continuity — concurring with the Trump administration's last-minute determination that China had committed "genocide" against Uyghur Muslims.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Health: New coronavirus cases down, but more bad news ahead — Fighting COVID-19's effects on gender equality.
  2. Politics: Biden unveils "wartime" COVID strategyBiden's COVID-19 bubble.
  3. Vaccine: NYC postpones vaccine appointments following shipment delays — Private companies step in to fill vaccine logistics vacuum.
  4. World: Biden will order U.S. to rejoin World Health OrganizationBiden to bring U.S. into global COVAX initiative for equitable vaccine access.