The Petya ransomware attacks that disrupted thousands of businesses in Ukraine and reached as far as Australia and India appear to have been designed more to disrupt businesses than to raise vast amounts of cash.
The small sums of money collected and the flaws in the approach to collecting ransom point to the conclusion that the attack was designed to disrupt Ukraine, where the attacks were centered, rather than to maximize payments.
The cyber extortionists had victims route payments to a single Bitcoin account and then notify the hackers of their payments via email, German internet company Posteo disclosed. The process involved manual steps that complicated collecting money from thousands of victims and keeping track of who had paid. Moreover, the hackers' email account was easily identified and shut down.
The message "Ooops, your important files are encrypted" greeted computer users as far away as a
in Australia and a
at a Mumbai, India, port. However, the concentration of attacks in the Ukraine suggests to some observers that neighboring foe Russia is behind the attacks.
Petya tallied about $10,200 worth of bitcoins in its first day, according to a bot that Quartz set up to track bitcoin payments to an account linked to the attacks. That's about $20,000 less than Wannacry pocketed in its first day.
Shares of cyber security stocks closed down Thursday, a day after rallying.
FireEye Inc. (FEYE) dropped nearly 0.3% to $15.48 per share. Fortinet Inc. (FTNT) bounced between positive and negative territory, and closed up one cent at $37.74. On Wednesday, FireEye was up more than 2% and Fortinet gained more than 1%.
Shares of Proofpoint Inc. (PFPT), which was Wednesday's big winner with a 5% gain, dropped 2.5% to $86.24. CyberArk Software Ltd (CYBR) dropped 1% to $49.81, Qualys Inc. (QLYS) fell 3.1% to $40.60, and Splunk Inc. (SPLK) rose almost 1.3% to $57.78. CyberArk and Qualys gained about 3% on Wednesday, while Splunk climbed nearly 2%.
The broader Nasdaq closed down 1.4% Thursday morning.
Ukraine was ground zero for the Petya attack. The ransomware strain struck 12,500 computers in the Ukraine alone, according to Microsoft Corp. (MSFT), and has since spread to 64 countries, from Belgium to Brazil, Russia and the U.S.
Microsoft should know. The ransomware propagates by exploiting a vulnerability in Microsoft Windows, echoing the WannaCry attacks that affected over 230,000 computers in over 150 countries. Microsoft published fixes to the vulnerability in March.
The attacks started with Ukraine tax accounting software company M.E.Doc and spread throughout Europe.
UK advertising and communications giant WPP acknowledged that it was hit.
Likewise, Russian oil company Rosneft tweeted that it had been attacked. "We hope that this has nothing to do with the current judicial procedures," the company's Twitter Inc. (TWTR) account stated, referring to a battle in the European Court of Justice over sanctions.
German email provider Posteo says it has shut down the accounts that the cyber extortionists used to contact victims, making it harder for the hackers to collect their requested $300 ransom. News outlets and blogs have noted that it will also prevent victims from paying and regaining access to their computers.
Updated from 11:36 a.m. with closing prices.