Research and investigation into Petya ransomware which has affected computers in over 60 countries has yielded three interesting facts according to Comae’s Matthieu Suiche:
- Ukraine was the epicenter of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine.
- The attackers behind the attack have made little money. At most they made around $10,000. Which suggests that money wasn’t a motive at all.
- Petya was either “incredibly buggy, or irreversibly destructive on purpose.” Thus Suiche suggests that this ransomware was really a “wiper” which is malicious code meant to destroy and damage.
Here’s some more details from Suiche:
We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.
The attacker took an existing ransomware which he repackaged.
Lately, the number of attacks against Ukraine increased from Power Grids being shut down to the car a top military intelligence officer exploding yesterday — the day Petya.2017 infected Ukraine.
The fact of pretending to be a ransomware while being in fact a nation state attack — especially since WannaCry proved that widely spread ransomware aren’t financially profitable — is in our opinion a very subtle way from the attacker to control the narrative of the attack.
That would suggest that Russia was behind this as nobody else that I know of would gain a lot from destabilizing Ukraine. It also suggests that the computers in other countries that were affected by this were cover for this operation or they were simply collateral damage. Here’s the danger for any country, Russia or otherwise, who chooses to engage in activities like this. Sooner or later, someone will hit someone with some sort of cyber attack, and the recipient will hit back and hit back hard. That will lead to an all-out cyber war and that has the potential not to end well because the potential for a cyber war to spill out into something with bombs and guns is a very real possibility.
Like this:
Like Loading...
Related
This entry was posted on June 29, 2017 at 9:02 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
This Week’s Ransomware Attack May Have Been Aimed At Ukraine
Research and investigation into Petya ransomware which has affected computers in over 60 countries has yielded three interesting facts according to Comae’s Matthieu Suiche:
Here’s some more details from Suiche:
We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.
The attacker took an existing ransomware which he repackaged.
Lately, the number of attacks against Ukraine increased from Power Grids being shut down to the car a top military intelligence officer exploding yesterday — the day Petya.2017 infected Ukraine.
The fact of pretending to be a ransomware while being in fact a nation state attack — especially since WannaCry proved that widely spread ransomware aren’t financially profitable — is in our opinion a very subtle way from the attacker to control the narrative of the attack.
That would suggest that Russia was behind this as nobody else that I know of would gain a lot from destabilizing Ukraine. It also suggests that the computers in other countries that were affected by this were cover for this operation or they were simply collateral damage. Here’s the danger for any country, Russia or otherwise, who chooses to engage in activities like this. Sooner or later, someone will hit someone with some sort of cyber attack, and the recipient will hit back and hit back hard. That will lead to an all-out cyber war and that has the potential not to end well because the potential for a cyber war to spill out into something with bombs and guns is a very real possibility.
Share this:
Like this:
Related
This entry was posted on June 29, 2017 at 9:02 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.