The Petya Cyberattack – Ransom or Sabotage?
Europe and the U.S. are still getting a handle on Petya, the latest massive cyberattack, as new information suggests it wasn’t a financial shakedown like last month’s WannaCry malware – it may have been part of larger cyber warfare.
Analysis of the Petya attack (AKA NotPetya and Nyetya) showed the Ukraine suffered most of the damage, with nearly 60% of infected systems located there, far more than any of the other 60+ nations hit. These attacks disrupted some of the country’s key infrastructure – including public transit, banking, and the Chernobyl power plant.
But the data hijacked from dozens of other governments and companies (including pharmaceutical company Merck, oil company Rosneft, and shipping firm Maersk) has yet to be decrypted by the malware, and it only raised $10,000 before the ransomers’ Bitcoin account email was shut down. This is leading analysts to believe that the ransom was only a feint, while the real purpose was always causing damage to Ukraine’s digital infrastructure.
Security analysts have also found evidence that the hackers laid the groundwork for the Petya attack by infiltrating certain Ukrainian networks earlier this year, telling WIRED, “the destructive effects in the infrastructures of the organizations studied were carried out with the help of [ransomware], but also with direct involvement of intruders who already had some time in the infrastructure.”
DRI President Al Berman says:
Another day, another malware attack. Petya/NotPetya has created havoc, shutting down ports, factories, and offices as it spread through internal organizational networks. The malware itself was introduced via an accounting services and business management software update, again recreating the entry point for a number of previous cyber-attacks – suppliers and vendors.
A fast-spreading virus masquerading as a more overt ransomware attack may disguise the ultimate damage that may occur. This may be the precursor to multi-stage malware incursions and will create a more complex pattern against which cyber security personnel must react.”
DRI will keep an eye on the story as further news develops.