Although the Petya variant that struck this week has superficial similarities to the original virus, it differs in that it deliberately overwrites important computer files rather than just encrypting them, he said.
Mr Suiche wrote: “2016 Petya modifies the disk in a way where it can actually revert its changes, whereas, 2017 Petya does permanent and irreversible damages to the disk.”
“It appears it was designed as a wiper pretending to be ransomware,” they said.
Their analysis of the malware revealed that it had no way to generate a usable key to decrypt data.
“This is the worst case news for the victims,” they said. “Even if they pay the ransom they will not get their data back.”
A veteran computer security researcher known as The Grugq said the “poor payment pipeline” associated with the variant lent more weight to the suspicion that it was more concerned with data destruction than cashing out.
“The real Petya was a criminal enterprise for making money,” he wrote. “This is definitely not designed to make money.”
The Bitcoin account associated with the malware has now received 45 payments from victims who have paid more than $10,000 (£7,785) into the digital wallet.
The email account through which victims are supposed to report that they have paid has been closed by the German firm hosting it – closing off the only supposed avenue of communication with the malware’s creators.
Organisations in more than 64 countries are now known to have fallen victim to the malicious program.
The latest to come forward is voice-recognition firm Nuance. In a statement it said “portions” of its internal network had been affected by the outbreak. It said it had taken measures to contain the the threat and was working with security firms to rid itself of the infection.
The initial infection vector seems to be software widely used in the Ukraine to handle tax payments and about 75% of all infections caused by this Petya variant have been seen in the country.
A government spokesman for Ukraine blamed Russia for starting the attack.