Money Not Likely Main Motive Of Cyberattackers, UN Cybercrime Chief Says

A laptop screen displays a message after it was infected with ransomware during the worldwide cyberattack on June 27.

Investigators still don't know who launched the latest global cyberattack, but the attackers' strategy suggests money was not the main motive, the United Nations' top cybercrime official said on June 29.

The ransomware software was very advanced and more sophisticated than the software used in the previous WannaCry attacks, said Neil Walsh, head of the UN Global Program on Cybercrime in Vienna.

But the current attackers showed little skill when it came to collecting ransom from victims in exchange for unlocking their computers, which were frozen by infected malware sent by the attackers.

Walsh said the perpetrators only set up one e-mail address for receiving ransom payments in Bitcoins, making it easy for the e-mail provider to shut down their account on June 28 and cut off the ransom payments.

The botched attempt at collecting ransom suggests the hackers had little criminal experience and points to a state-run or amateur operation, Walsh said. But he added that the identity of the attackers remains unknown.

"This could be anything from one kid sitting in his basement...to a nation state," he said.

The ransomware was able to spread quickly, especially in Ukraine, because it infiltrated the Kyiv tax authority's software, he said.

Cybersecurity experts are still examining whether Ukraine was deliberately targeted, Walsh said.

"So far, we don't have an answer to it, but it will be certainly something that will be pressing on everyone's minds as the investigation of this attack goes forward," he told the German news agency dpa.

Although companies and private computer users can lower the risk of an attack by updating their security software, some vulnerabilities will always remain, he said.

However, protection against ransom demands is very easy, he said. All that is needed are regular data backups that can be used if the attackers block or destroy one's files.

"It's preventable," Walsh said.

With reporting by dpa and TASS