Neil Walsh says the ransomware software was more sophisticated than the software used in the previous WannaCry attacks. But the current attackers showed little skill when it came to collecting ransom from victims in exchange for unlocking their computers, which were frozen by infected malware sent by the attackers.
The United Nations' top cybercrime official said the perpetrators only set up one e-mail address for receiving ransom payments in Bitcoins, making it easy for the e-mail provider to shut down their account on June 28 and cut off the ransom payments.
The botched attempt at collecting ransom suggests the hackers had little criminal experience and points to a state-run or amateur operation, Walsh said. But he added that the identity of the attackers remains unknown.
"This could be anything from one kid sitting in his basement...to a nation state," he said.
The ransomware was able to spread quickly, especially in Ukraine, because it infiltrated the Kyiv tax authority's software, he said.
Cybersecurity experts are still examining whether Ukraine was deliberately targeted, Walsh said.