The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com)
Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things:
1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine.
2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all.
3. Petya was either "incredibly buggy, or irreversibly destructive on purpose."
An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals."
There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky. Ars Technica has more.
Moreover, Russia has been engaging in a sustained cyber-warfare campaign in Ukraine, up to and including taking down the power grid and hacking cells of military personnel to gain information on troop positions. Making it look like ransomware was probably more an afterthought in hopes that paranoid firewall admins worldwide would block Ukrainian IP addresses... they really don't care that it eventually gets attributed to them.
I rolled my eyes this morning when I heard the company of origin was in the Ukraine and was not very surprised to see this article today.
Someone had to do it.
You understand the concept of Occam's Razor, right?
Which explanation is more parsimonious?
1. Russia waged a damaging cyberattack on Ukraine, a country it is already effectively at war with and which it has already annexed territory from.
2. The CIA waged a cyberattack on Ukraine, a country the United States is friendly, even allied with, causing Ukraine businesses considerable damage, to make the Russians look bad.
I want you to tell me which explanation is the more parsimonious.
The world's burning. Moped Jesus spotted on I50. Details at 11.
Care to name half a dozen neighboring countries parts of which Putin annexed de facto or otherwise?
Maybe because he's said that himself many times, especially when campaigning for election.