21:56 03.07.2017

'Handwriting' of NotPetya cyber attack is similar to actions by BlackEnergy group - Kaspersky Lab


The cyber attack on some large companies and organizations worldwide using the extortion virus NotPetya was not conducted for purposes of personal enrichment, the Kaspersky Lab press service told Interfax on Sunday.

"Our researchers have analyzed the part of the code of the virus that is connected to the coding of files and we found that the authors of the virus can no longer de-code the disc back after it is coded. That is, in this case it can be assumed that money was not the evil-doers' motive,' the press service said.

The company said a unique identifier of the specific Trojan installation is needed for data decoding. In the previously known versions of similar viruses Petya/Mischa/GoldenEye, the installation identifier contained information needed for decoding. In the situation with ExPetr (aka NotPetya) there is no such identifier (the 'installation key' shown by ExPetr is a meaningless combination of random symbols).

"That means that the authors of the virus cannot receive the information that is needed for decoding files. In other words, the victims of the extorter cannot recover their data," the report said.

"The coding uses a standard reliable scheme, which means that lost data most likely cannot be decoded if there are no errors in the use of the code. Our researchers have not found such errors yet, the study continues," the press service said.

Kaspersky Lab said the program code used by the hackers is similar to the instruments used by one international group.

"We have now established some similarity between the code used in the most recent attack and the instruments used by the group known as BlackEnergy. The similarity in the code cannot be definite evidence of a connection between these attacks. And in any case, we don't known who is behind BlackEnergy," the company said.
