Ng Han Guan / AP

The "ransomware" attack that struck Ukraine and has since spread to about 65 countries might not be a regular ransomware attack after all. Instead, its code indicates it is more like a "wiper," according to Matt Suiche, founder of cybersecurity startup Comae Technologies.

What it means: "The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money," Suiche writes. Instead of just encrypting files when it infects a device, this hack encrypts your entire hard drive and the Master Boot Record so that it is totally inoperative, according to Radware. This also causes the whole computer to restart.

  • Microsoft points out that this hack, sometimes called GoldenEye, is a new variant of Petya, which CNET reports has been sold on forums in the dark web since last April.

Why it matters: For one, as CNET's Alfred Ng writes: "Compared with GoldenEye, WannaCry (a ransomware attack in May) looks like it was written by amateurs." Second, Suiche believes the hackers went to the trouble of making it look like ransomware attack to "control the media narrative" to scapegoat an unknown hacking group instead of what it actually might be — a state hacker. (State hackers usually don't use ransomware.)

One big caveat: As Bret Padres, a former intel official and CEO of The Crypsis Group tells Axios, "a just as plausible explanation is that this is a coding error" that makes it look like a wiper and not a simple ransomware hack.

What else we've learned in the last day:

  • The hack hit 65 countries, including Ukraine, Russia, Denmark, Spain, India, Germany, U.K., U.S. and France, according to a Microsoft analysis. It is still impacting ATMs in Ukraine and Pennsylvania's Heritage Valley Health System, per NPR.
  • There is no "kill switch" for this hack (there was one for WannaCry).
  • GoldenEye was spread, in part, through Ukrainian tax accounting software, Symantec reports, adding that it's "interesting" that the attack began on a Ukrainian national holiday, Constitution Day.
  • The hackers aren't attempting to attack random IP addresses (as WannaCry did) and instead targeting mostly financial institutions in Ukraine, per Symantec.
  • Motives: Since the hackers set up a poor payment system, the goal appears to be to cause damage rather than to collect ransom (the point of contact was through an email suspended by the host, and there is only one Bitcoin wallet listed to receive money, making the operation appear uncoordinated and weak).

What to watch now: The Bitcoin wallet that the hackers were going to use to receive payments, which law enforcement will be watching, too, to see if the attackers will somehow reveal themselves. Plus, expect hacking to come up during NATO meetings tomorrow in Brussels. Last year NATO decided a cyber hack could trigger its mutual defense protocol, Article Five.

Go deeper

Updated 34 mins ago - World

At least 50 killed, 3,000 injured after massive explosion rocks Beirut

Photo: Anwar Amro/AFP via Getty Images

A major explosion has slammed central Beirut, Lebanon, damaging buildings as far as several miles away and injuring scores of people.

Driving the news: The cause of the explosion is unknown. Lebanon's health minister said in televised remarks that more than 50 people have been killed and over 3,000 injured.

1 hour ago - Podcasts

The debate over COVID-19 liability protections

Stimulus talks continue to move slowly, with Democrats and Republicans unable to agree on whether or not to include coronavirus-related liability protections for businesses, health facilities and schools.

Axios Re:Cap digs into the debate, which could reset the cost-benefit analysis for businesses thinking about reopening and employees thinking about returning.

Updated 1 hour ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 3 p.m. ET: 18,364,694 — Total deaths: 695,848 — Total recoveries — 10,965,634Map.
  2. U.S.: Total confirmed cases as of 3 p.m. ET: 4,742,277 — Total deaths: 156,133 — Total recoveries: 1,513,446 — Total tests: 57,543,852Map.
  3. States: New York City health commissioner resigns in protest of De Blasio's coronavirus response — New York ER doctor on pandemic advice: "We know what works"
  4. Public health: 59% of Americans support nationwide 2-week stay-at-home order in NPR poll Atrium Health CEO says "virtual hospital" has treated 13,000 COVID patients.
  5. Politics: Republicans push to expand small business loan program Trump tells "Axios on HBO" that pandemic is "under control," despite surges in infections.
  6. Sports: Indy 500 to be held without fansRafael Nadal opts out of U.S. Open.