Petya’s Ransomware Attacks Have Failed

Uploaded on 2017-07-07 in NEWS-Cybersecurity News, FREE TO VIEW

As security and software vendors scramble to contain the spread of the Petya ransomware virus, analysts are speculating over what the attackers meant to accomplish by initiating the outbreak.

Ransomware is a money-making virus that encrypts the files on victims’ computers and locks them out until they pay out to obtain the decryption keys. In 2016, cyber-criminals netted about $1 billion from ransomware attacks.

But if the motive behind the Petya ransomware attacks was financial, it was far from a success.  

According to the Twitter bot that tracks bitcoin payments made to the address tied with the Petya ransomware, the attackers have so far netted little more than $10,000 in 46 payments, not a lot for an attack that has made the headlines across the globe and affected thousands of computers.
However, there are many signs indicating that the attackers were more interested in causing targeted mayhem and disruption rather than raising money.

The malware and the attack was carefully designed to cleverly spread across networks, even on computers that were patched up and secure. The developers of Petya avoided many of the mistakes of its recent predecessor, WannaCry, which caused a widespread outbreak last month, by using several techniques to propagate the virus across network and not incorporating any kill switch in the malware.

But as much as Petya’s launch and spreading mechanism are ingenious, the payment mechanism is poorly designed. Ransomware attacks usually assign unique Bitcoin wallets to each infected computer in order to automate the payment and key delivery process. 

But the Petya attackers have used a single Bitcoin address for all payments, which means decryption key delivery has to be done manually, not a wise choice for a virus that is destined to infect tens and possibly hundreds of thousands of computers. It will make also it much easier to trace the attackers as they move their money.

Moreover, the ransomware message that was displayed on infected computers contained an email address that victims had to contact with proof of payment in order to get their decryption keys. Unsurprisingly, the company that hosted the email account shut it down, which means victims are no longer able to recover their files. This is something that the cybercriminals should’ve seen coming.

Given those facts, some experts believe that the real purpose of the attack was to destroy the files on targeted computers. Comae Technologies explained how the malware was in fact a wiper—a virus that aims to destroy and damage—in the guise of ransomware. The virus is also being called NotPetya because it differs from the original Petya ransomware.

One of the noteworthy aspects of the attack was the method it was initiated. The attackers hacked the website of Ukrainian accounting software vendor MEDoc and used it as a beachhead to push virus-infected updates on the computers of its users. MEDoc counts among its customers the Ukrainian government agencies and large businesses. 

While ransomware attacks are usually sporadic and aimed at all kinds of users, the hacking of MEDoc gave the cybercriminals a venue to create a more targeted attack aimed at the economic and political infrastructures of Ukraine.
Also of concern is the fact that the attack came on the eve of the holiday marking Ukraine’s adoption of its first constitution in 1996. That could hardly be a coincidence.

A considerable number of computers outside of Ukraine were also affected by the virus, but that can be considered collateral damage when compared to the sheer number of devices that were hit by the attack in Ukraine.
Many indicators point to Russia, which stands accused of leading an aggressive cyberwarfare against Ukraine. In 2015 and 2016, hackers with alleged links to the Russian government hacked the Ukraine power grid and cut electricity in large swaths of the country. Ukraine’s president reported in December that there had been 6,500 attacks on 36 Ukrainian targets in the previous two months.

However, cyber-crime attribution is very difficult. Cyber-criminals often use tools and techniques that are associated with other hacking groups in order to deceive experts. Experts are reluctant to directly point the finger at the Kremlin, and some described the attack as too blatant and overt to be the work of Russian hacking groups.

We expect more details to emerge, but what is clear is that whoever unleashed the Petya outbreak wasn’t after the money.  

This marks a new chapter in the history of ransomware, a breed of virus that was created for purely financial purposes. With computers and connectivity being incorporated into every device, ransomware is fast turning into a weapon of mass disruption and destruction.

Daily Dot:

You Might Also Read:

Ukraine Police Trace Petya Attack Source:

 


 

 

« Is It Really Possible to Protect Your Health Data?
Germany Gets Tough On Social Media »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Bolton Labs

Bolton Labs

Bolton Labs is a leading provider cybersecurity services, tools, and analysis for MSPs and organizations who want to scale their security offerings.

Nozomi Networks

Nozomi Networks

Nozomi Networks is a leader in Industrial Control System (ICS) cybersecurity, with a comprehensive platform to deliver real-time cybersecurity and operational visibility.

TCN

TCN

TCN is an advanced System Integrator and Infrastructure Company in Albania.

Matias Consulting Group (MCG)

Matias Consulting Group (MCG)

Your Business needs competitive and resilient ICT solutions. MCG defines, deploy & support them enabling you to focus on your core business.

SCADASUDO

SCADASUDO

SCADASUDO is a cyber solution architecture and design office, established by leading experts in the field of OT (Industrial control) and IT (information Technology).

Nemko

Nemko

Nemko offers testing, inspection, and certification services worldwide, mainly concerning products and systems, but also for machinery, installations, and personnel.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

TriagingX

TriagingX

TriagingX successfully created the first generation malware sandbox that is being used by many Fortune 500 companies for daily malware analysis.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

ADL Consulting

ADL Consulting

ADL Consulting provide information security-related consultancy and training support to businesses across the UK. Our services include ISO27001, GDPR, Cyber Essentials and training.

ScorpionShield

ScorpionShield

ScorpionShield CyberSecurity is an EC-Council Accredited Training Center, and an On-Demand Service for Cybersecurity professionals.

Axitea

Axitea

Axitea designs, implements and develops the solutions best suited to its customers’ needs and their physical and cyber security requirements.

blueAllianceIT

blueAllianceIT

blueAlliance IT is an investment and growth platform that unites local MSP and IT companies around the nation, helping them to grow and operate competitively.

WinMagic

WinMagic

At WinMagic, we’re dedicated to making authentication and encryption solutions that protect data without causing user friction so that everyone can work freely and securely.

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

Strategic Technology Solutions (STS)

Strategic Technology Solutions (STS)

Strategic Technology Solutions specialize in providing Cybersecurity and Managed IT Services to the legal industry.