Ng Han Guan / AP

The "ransomware" attack that struck Ukraine and has since spread to about 65 countries might not be a regular ransomware attack after all. Instead, its code indicates it is more like a "wiper," according to Matt Suiche, founder of cybersecurity startup Comae Technologies.

What it means: "The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money," Suiche writes. Instead of just encrypting files when it infects a device, this hack encrypts your entire hard drive and the Master Boot Record so that it is totally inoperative, according to Radware. This also causes the whole computer to restart.

  • Microsoft points out that this hack, sometimes called GoldenEye, is a new variant of Petya, which CNET reports has been sold on forums in the dark web since last April.

Why it matters: For one, as CNET's Alfred Ng writes: "Compared with GoldenEye, WannaCry (a ransomware attack in May) looks like it was written by amateurs." Second, Suiche believes the hackers went to the trouble of making it look like ransomware attack to "control the media narrative" to scapegoat an unknown hacking group instead of what it actually might be — a state hacker. (State hackers usually don't use ransomware.)

One big caveat: As Bret Padres, a former intel official and CEO of The Crypsis Group tells Axios, "a just as plausible explanation is that this is a coding error" that makes it look like a wiper and not a simple ransomware hack.

What else we've learned in the last day:

  • The hack hit 65 countries, including Ukraine, Russia, Denmark, Spain, India, Germany, U.K., U.S. and France, according to a Microsoft analysis. It is still impacting ATMs in Ukraine and Pennsylvania's Heritage Valley Health System, per NPR.
  • There is no "kill switch" for this hack (there was one for WannaCry).
  • GoldenEye was spread, in part, through Ukrainian tax accounting software, Symantec reports, adding that it's "interesting" that the attack began on a Ukrainian national holiday, Constitution Day.
  • The hackers aren't attempting to attack random IP addresses (as WannaCry did) and instead targeting mostly financial institutions in Ukraine, per Symantec.
  • Motives: Since the hackers set up a poor payment system, the goal appears to be to cause damage rather than to collect ransom (the point of contact was through an email suspended by the host, and there is only one Bitcoin wallet listed to receive money, making the operation appear uncoordinated and weak).

What to watch now: The Bitcoin wallet that the hackers were going to use to receive payments, which law enforcement will be watching, too, to see if the attackers will somehow reveal themselves. Plus, expect hacking to come up during NATO meetings tomorrow in Brussels. Last year NATO decided a cyber hack could trigger its mutual defense protocol, Article Five.

Go deeper

Updated 20 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Pence chief of staff Marc Short tests positive for coronavirus — COVID-19 looms over White House Halloween celebrations.
  2. Health: Fauci says maybe we should mandate masks if people don't wear them — America was sick well before it ever got COVID-19.
  3. World: Polish President Andrzej Duda tests positive for COVID-19.
What Matters 2020

The missed opportunities for 2020 and beyond

Photo illustration: Sarah Grillo/Axios. Photos: Jason Armond (Los Angeles Times), Noam Galai, Jabin Botsford (The Washington Post), Alex Wong/Getty Images

As the 2020 presidential campaign draws to a close, President Trump and Joe Biden have focused little on some of the most sweeping trends that will outlive the fights of the moment.

Why it matters: Both have engaged on some issues, like climate change and China, on their own terms, and Biden has addressed themes like economic inequality that work to his advantage. But others have gone largely unmentioned — a missed opportunity to address big shifts that are changing the country.

Pence chief of staff Marc Short tests positive for coronavirus

Marc Short with Katie Miller, Vice President Pence's communications director, in March. Photo: Doug Mills/The New York Times via Reuters

Marc Short, Vice President Mike Pence’s chief of staff, tested positive for the coronavirus Saturday and is quarantining, according to a White House statement.

Why it matters: Short is Pence's closest aide, and was one of the most powerful forces on the White House coronavirus task force.