Hacking Humans — "Pseudoransomware (noun) [Word Notes]"

N2K Networks | November 25, 2025

Episode Theme Overview

In this "Word Notes" mini-episode, host Rick Howard explores the concept of "pseudo ransomware" — a form of cyber malice that masquerades as ransomware but does not function as traditional ransomware. Instead of holding data hostage for ransom, pseudo ransomware is designed primarily to destroy data, sow confusion, or obscure true motives, particularly as deployed by nation-state actors. The episode delves into the mechanics, motives, and historical context of this deceptive type of malware, and draws on real-world incidents and cultural references to illustrate the topic.

Key Discussion Points & Insights

1. Definition and Characterization of Pseudo Ransomware

Definition (01:03):
- "Malware in the guise of ransomware that destroys data rather than encrypts."
- Also known as "wiperware."
- Goal: To cripple the victim's systems outright, removing the possibility of recoverable decryption after ransom.
Sample sentence (01:22):
- "The goal of pseudo ransomware, also referred to as wiperware, is to cripple the victim's systems rather than offer the opportunity to decrypt them."

2. Contrast with Traditional Ransomware

Conventional Ransomware Model:
- Cybercriminals encrypt data to extract ransom, typically handing over decryption keys after payment.
- A 2020 Provendata study: decryption keys delivered 89% of the time, but 31% of victims still struggled to fully recover (01:52).
Ransomware Uncaring for Chaos:
- Even when decryption keys are provided, criminals "didn't care how much chaos they injected into the victims systems; they got their money." (02:29)
Impact Parity:
- Resulting business disruption can be just as damaging, even if data isn’t explicitly destroyed.

3. Nation-State Use of Pseudo Ransomware as Deception

Attribution Smokescreen:
- Some nation-state actors use pseudo ransomware to "deceive their victims and investigators into thinking that they are cyber criminals." (02:56)
- This tactic obscures true motives, whether to "bring in more revenue to fund their operations, or to hobble their enemies."
North Korea Example (03:18):
- 2017: North Korean hackers used pseudo ransomware to compromise Taiwan’s Far Eastern International Bank and the SWIFT system, using the destructive malware to "cover their tracks."
Russian ‘NotPetya’ Case (03:34):
- The Russian GRU adapted 'Petya' ransomware into 'NotPetya,' deploying it as pseudo ransomware in attacks on Ukrainian infrastructure.
- "The impact was that they compromised some 300 companies within seconds of delivery ... at least 30 of those companies were totally burned to the ground."
Financial Fallout:
- Major global companies were hit hard:
  - Merck: $870M in recovery costs
  - FedEx, TNT: $400M
  - Saint Gobain, Maersk: $300M+
  - White House estimate of total damages: $10B+ (04:33)

4. Cultural Context and Motivation

The Dark Knight Analogy (04:56-06:10):
- Rick Howard draws a parallel to The Dark Knight, where Alfred comments on criminals who are motivated by chaos rather than profit.
- Alfred (Michael Caine) [05:45]:
  
  "Because some men aren't looking for anything logical, like money... Some men just want to watch the world burn."
- This highlights that pseudo ransomware attackers, especially nation-state actors, may be driven by strategic or destructive motives—not merely financial ones.

Notable Quotes & Memorable Moments

Rick Howard (01:03):

"The word is pseudo ransomware. Spelled pseudo as in something disguised as something else, and ransomware as in a type of malware designed to encrypt data for financial gain. Malware in the guise of ransomware that destroys data rather than encrypts."
On chaos over profit (02:29):

"They didn't care how much chaos they injected into the victims systems, they got their money."
Nation-state actor deception (02:56):

"In contrast, some nation state actors, to deflect attribution, use pseudo ransomware to deceive their victims and investigators into thinking that they are cyber criminals."
Alfred in The Dark Knight (05:45):

"Because he thought it was good sport. Because some men aren't looking for anything logical, like money. They can't be bought, bullied, reasoned, or negotiated with. Some men just want to watch the world burn."

Important Timestamps

01:03 — Definition and introduction to pseudo ransomware
01:52 — Statistics on ransomware payments and data recoverability
02:56 — The use of pseudo ransomware by nation-state hackers
03:18–03:34 — North Korean and Russian (NotPetya) case studies
04:33 — Financial impact and company losses from NotPetya
04:56–06:10 — The Dark Knight cultural reference; chaos vs. profit in cybercrime

Tone and Delivery

Rick Howard’s narration is clear, informative, and uses accessible analogies. He keeps the tone both educational and engaging, with the pop culture reference adding a touch of drama to the technical content.
The episode blends factual reporting with storytelling, particularly when recounting cyber incidents and referencing cinema to explain deeper human motivations.

Summary Wrap

This episode of "Hacking Humans" probes the deceptive world of pseudo ransomware. With a focus on how malware can be weaponized not just for ransom but also for chaos, misdirection, and strategic destruction, Rick Howard illustrates the shifting landscape of cyber threats. Through real-world case studies and cultural touchpoints, listeners gain insight into the deeper motives behind some of the most notorious cyberattacks of the past decade.

Transcript

Thales Representative (0:02)

You're listening to the Cyberwire Network powered by N2K. At Thales, they secure what matters most the most Trusted companies and organizations utilize Thales cybersecurity products to protect critical applications, sensitive data and identities anywhere at scale. Through their innovative services and integrated platforms, Thales provides customers a greater visibility of risks, the ability to defend against cyber threats, close compliance gaps, and deliver trusted digital experiences for billions of consumers every day. That's Talas T H A L E S learn more@cpl.talasgroup.com.

Rick Howard (1:03)

The word is pseudo ransomware. Spelled pseudo as in something disguised as something else, and ransomware as in a type of malware designed to encrypt data for financial gain. Malware in the guise of ransomware that destroys data rather than encrypts. Example sentence the goal of pseudo ransomware, also referred to as wiperware, is to cripple the victim's systems rather than offer the opportunity to decrypt them. Origin and context Typical ransomware crews, cybercriminals encrypt their victims data and demand a ransom payment in exchange for the decryption key. But there isn't a lot of incentive on the criminal end to put much care and attention into the recovery part of the exchange. A study by Provendata in 2020 found that in April of that year, criminals that received payment delivered the decryption keys 89% of the time. Out of those cases, though, 31% of the victims required a lot of help and time to completely recover. Although the cyber criminals didn't use pseudo ransomware, for all intents and purposes, the impact was the same. The criminals didn't destroy the data per se, they just made it unusable for a long time. They didn't care how much chaos they injected into the victims systems, they got their money. In contrast, some nation state actors, to deflect attribution, use pseudo ransomware to deceive their victims and investigators into thinking that they are cyber criminals. In reality, they use it as a smokescreen to cover other more nefarious actions to either bring in more revenue to fund their operations or to hobble their enemies in a continuous, low level cyber conflict kind of way. According to the US Department of Justice, North Korean hackers used pseudo ransomware to cover their tracks as they went after Taiwan's Far Eastern International bank in 2017 to compromise the SWIFT system, the massive financial rotary that connects banks, financial institutions and governments worldwide. From Sandworm, Andy Greenberg's Cybersecurity Canon hall of Fame book about the Russian cyber attacks In Ukraine from 2014 to 2017, the Russian GRU, or Main Intelligence Directorate, modified the ransomware called Petya, originally created by the North Koreans, into a pseudo ransomware, eventually named Notpetya. The impact was that they compromised some 300 companies within seconds of delivery. And and a Ukrainian ISP estimated that at least 30 of those companies were totally burned to the ground. Big companies were also brought to their knees, like Merck, with over $870 million in recovery costs. FedEx, TNT, 400 million, Saint Gobain and Maersk, with over 300 million in recovery costs. The White House lowball estimate of the total damage was just over 10 billion. That's billion with a B. Nerd reference. In the 2008 movie the Dark Knight, directed by Christopher Nolan, Bruce Wayne, played by Christian Bale, has a discussion with his butler Alfred, played by Michael Caine, about the nature of some chaotic men who are not motivated by the traditional things that typical criminals desire. Like running a business. Even if it's criminal. Some men just want to tear the system down. Or don't care that they tear the system down, as long as they get what they want.