Cybersecurity experts believe it was sabotage, not cash, that may have motivated the hackers behind this week’s crippling global cyberattack.
Initial reports suggested the virus that surfaced on Tuesday was a form of ransomware, which demands a payment from victims before restoring their computer files.
But clues in the computer code now point to sabotage.
The U.K. National Cyber Security Centre said that its experts have uncovered “evidence that questions initial judgments that the intention was to collect a ransom.”
“We are investigating … whether the intent was to disrupt rather than for any financial gain,” the agency said in a statement.
Private sector experts are investigating along similar lines.
Cybersecurity firms Kaspersky Lab and Comae Technologies said the virus was likely spread by a sophisticated actor that wasn’t interested in collecting a ransom.
“To launch this attack, its authors have carefully created a destructive malware disguised as ransomware,” Kaspersky said Friday. “While some parts of this destructive malware still operate as original building blocks, meaning they might be mistaken for ransomware, their true purpose is destruction, not financial gain.”
Matt Suiche, the founder of Comae Technologies, explained in an online post that it was designed to “destroy and damage.”
“Different intent. Different motive. Different narrative,” he wrote.
Ground zero for the cyberattack appears to have been Ukraine, according to Kaspersky. It quickly spread around the world, infecting the computer networks of major corporations.
The virus hit big global brands like snack maker Mondelez (, advertising giant )WPP (, pharmaceutical firm )Merck ( and a subsidiary of delivery firm )FedEx (. )
The software infected computers and locked down their hard drives. It demanded a $300 ransom in the digital currency Bitcoin in return for unlocking the files.
But Juan Andres Guerrero-Saade, a senior researcher at Kaspersky, said the bug’s code shows it would be impossible for the hackers to decrypt the documents.
“It’s not designed to work properly,” he said.
If the primary objective was financial gain, the virus doesn’t appear to have been very successful.
Kaspersky said that it had seen only 24 people hand over the ransom in an effort to rid their machines of the virus, with payments totaling $6,000.
The cybersecurity firm added that it does not have information on which “threat actor” is behind the attack.
Another major cyberattack called WannaCry spread around the world in mid-May, infecting upwards of a million machines while demanding ransom money from victims.
CNNMoney (London) First published June 30, 2017: 8:27 AM ET