Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com)

Posted by msmash on from the new-twist dept.

Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky. Ars Technica has more.

96 of 182 comments (clear)

  1. Russians by 110010001000 · · Score: 4, Interesting

    So the Russians did it?

    1. Re:Russians by Oswald+McWeany · · Score: 3, Insightful

      So the Russians did it?

      They would be the logical assumption. No one gains more by destabalising Ukraine.

      --
      "That's the way to do it" - Punch
    2. Re:Russians by NettiWelho · · Score: 1

      So the Russians did it?

      Who has most to gain from russia being blamed for something petty with no gains in it for them whatsoever? I mean, what is the motive? All that is gonna cause is systems being hardened and exploitable resource being exhausted.

      Besides, if it was the russians they'd have setup a decryption system that won't get disconnected in 5 minutes after it becoming public to milk all possible cash out of it.

    3. Re:Russians by avandesande · · Score: 1

      We need a new Southpark with "Blame Russia"

      --
      love is just extroverted narcissism
    4. Re:Russians by Oswald+McWeany · · Score: 3, Insightful

      Who has most to gain from russia being blamed for something petty with no gains in it for them whatsoever?

      No one really. No one really gains from Russia being blamed if it wasn't Russia. There is no reason to frame Russia.

      I mean, what is the motive?

      Oh, you mean, like, besides destabalising the country they are trying to stealthily reclaim, that they've already illegally stolen territory from.

      --
      "That's the way to do it" - Punch
    5. Re:Russians by johanw · · Score: 1

      To frame someone is the core buisiness of the CIA.

    6. Re:Russians by MightyMartian · · Score: 4, Insightful

      You are aware, I trust, that Ukraine and Russia are effectively at war, right? Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine? Maybe Russia didn't give a flying fuck whether anyone could eventually decrypt the data or not, if hte point is just to cause damage. It's like asking "Why didn't they send in the Army Corp of Engineers to rebuild the bridge they just bombed to oblivion?" answer being, they just wanted to bomb the bridge to oblivion.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    7. Re:Russians by Oswald+McWeany · · Score: 1

      The CIA are more than capable of getting their hands dirty, wouldn't make any sense for them to attack a country they're hoping to stay independent just to make someone else randomly look bad.

      --
      "That's the way to do it" - Punch
    8. Re:Russians by NettiWelho · · Score: 1, Troll

      You are aware, I trust, that Ukraine and Russia are effectively at war, right?

      So why expend your limited resource on forcing a couple of ukrainian grocery shops to re-image their cash register computers?

      Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine?

      Because I know from first hand experience government lies all the fucking time.

    9. Re: Russians by bn-7bc · · Score: 1

      Well I think you mean FSB as the KGB was defict in 1995, I donÂt know enugh about them to dy if it was just a rename or a bigger otg change tho

    10. Re:Russians by skids · · Score: 4, Informative

      Moreover, Russia has been engaging in a sustained cyber-warfare campaign in Ukraine, up to and including taking down the power grid and hacking cells of military personnel to gain information on troop positions. Making it look like ransomware was probably more an afterthought in hopes that paranoid firewall admins worldwide would block Ukrainian IP addresses... they really don't care that it eventually gets attributed to them.

      I rolled my eyes this morning when I heard the company of origin was in the Ukraine and was not very surprised to see this article today.

      --
      Someone had to do it.
    11. Re:Russians by Anonymous Coward · · Score: 1

      As anyone with a brain knows, 60% of all Ukrainian businesses includes a lot more than a few "grocery shops" having trouble with their "cash register computers", you Russian troll.

    12. Re:Russians by Anonymous Coward · · Score: 1

      So why expend your limited resource on forcing a couple of ukrainian grocery shops to re-image their cash register computers?

      Why hurt the Ukrainian economy when one of your primary goals for the past several years has been to hurt the Ukrainian economy?

      You're right, I can't figure that one out.

      I also can't figure out why a country that has waged one cyberattack after the next against Ukraine, basically using it as a cyberwarfare testing ground, would... launch yet another cyberattack against Ukraine.

      Also, I am a moron.

    13. Re:Russians by MightyMartian · · Score: 2

      Cyberwarfare isn't conventional warfare. It's not like you can run out of electrons. Russia has a group of hackers, and writing malware is a part of their job. When you think about how much it costs to keep the rebels armed and maintain an ununiformed Russia force in rebel areas of Ukraine, a cyberattack is so much bloody cheaper.

      As to your explanation for your bizarre conspiracy theory, that really doesn't answer the question at all. You've come up with a very convoluted conspiracy whose only defense seems to be "I don't trust the three letter agencies." Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor.

      Russia has everything to gain by destabilizing Ukraine, whether that be militarily, or via fucking up their computers. Welcome to the face of modern warfare.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    14. Re:Russians by MightyMartian · · Score: 1

      Meant to say:

      "Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor *EVEN LESS*."

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    15. Re:Russians by Rei · · Score: 1

      It's also worth noting that according to other sources Kaspersky is lowballing the percentage of victims that are in Ukraine.

      --
      "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
    16. Re:Russians by MightyMartian · · Score: 1, Informative

      You understand the concept of Occam's RAzor, right?

      Which explanation is more parsimonious?

      1. Russia waged a damaging cyberattack on Ukraine, a country it is already effectively at war with and which it has already annexed territory from.
      2. The CIA waged a cyberattack on Ukraine, a country the United States is friendly, even allied with, causing Ukraine businesses considerable damage, to make the Russians look bad.

      I want you to tell me which explanation is the more parsimonious.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    17. Re:Russians by NettiWelho · · Score: 1

      Cyberwarfare isn't conventional warfare. It's not like you can run out of electrons. Russia has a group of hackers, and writing malware is a part of their job. When you think about how much it costs to keep the rebels armed and maintain an ununiformed Russia force in rebel areas of Ukraine, a cyberattack is so much bloody cheaper.

      As to your explanation for your bizarre conspiracy theory, that really doesn't answer the question at all. You've come up with a very convoluted conspiracy whose only defense seems to be "I don't trust the three letter agencies." Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor.

      Russia has everything to gain by destabilizing Ukraine, whether that be militarily, or via fucking up their computers. Welcome to the face of modern warfare.

      "my bizarre conspiracy theory"

      Just look at whos weapons are being used in these attacks

      "NotPetya ransomware also uses two NSA exploits leaked by the Shadow Brokers in April 2017. These are ETERNALBLUE (also used by WannaCry) and ETERNALROMANCE.""

    18. Re:Russians by JaredOfEuropa · · Score: 1, Insightful

      How is Twitter a "source"?

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    19. Re:Russians by MightyMartian · · Score: 1

      That didn't answer my question

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    20. Re:Russians by chispito · · Score: 1

      You are aware, I trust, that Ukraine and Russia are effectively at war, right?

      So why expend your limited resource on forcing a couple of ukrainian grocery shops to re-image their cash register computers?

      Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine?

      Because I know from first hand experience government lies all the fucking time.

      The only government lying about Russia's stance toward the Ukraine is Russia. Many independent commentators yesterday were suggesting that it appears to be a disruption campaign disguised as ransomware.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    21. Re:Russians by gweihir · · Score: 1

      Likely, but the question is _which_ Russians. Do not forget that this may well be counted as "terrorism" by some metrics and states are understandably reluctant to be labelled as supporting that. My guess would be some misguided Russian "patriots" did this and the only support from Putin they have is that the Russian government will not try very hard to find them.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    22. Re:Russians by edis · · Score: 2, Interesting

      point is just to cause damage

      Not the only point. Days before this outbreak, I happened to read articles, plain stating, that Ukraine is a country turned by Russia into test battlefield of cyberwar (and other kinds of modern war, as per their definition, BTW). Which was proved once again. Russia flexes its muscles both in operation, in damage, and in getting away with it. The same pattern of pushing the limits where they did their dirty act, yet remain difficult to name and be punished - it repeats all over. This pattern is by now well recognizable. It is the same, as throw chunks of army over the border for couple of "training" days, then withdraw them and get away like there was no war. Direct their "polite" military without identification to "help with voting" at neighboring country.

      Their problem, however, is that these patterns are more recognizable, as more instances have been applied. Element of surprise has worn, it is of little secret now, what is Russia Today.

      --
      Servant of karma
    23. Re:Russians by edis · · Score: 1

      Yep, as we know by now, there are enough of "misguided Russian patriots", spending their vacations by participating in very reasonably coordinated warfare against Ukraine, that itself chose distancing.

      --
      Servant of karma
    24. Re:Russians by Anonymous Coward · · Score: 1

      There's a damn good chance it was perpetrated by the UK / US:

              1. Further de-stabilise Ukraine (oh well, collateral damage)
              2. MAIN GOAL: blame gets put onto Russia, placing a greater wedge between two neighbors
              3. BONUS POINTS: internationally entrenching Russia further into a pariah state

      After all: subterfuge is the name of the game.

      Heck, we'd also do it to the Chinese if we could, except they might decide to respond by dumping a couple trillion of their foreign currency reserves.

    25. Re:Russians by gweihir · · Score: 1

      If you count this one as "coordinated warfare", then you are out of your mind.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    26. Re:Russians by Anonymous Coward · · Score: 1

      Twitter is not the source. The source is ESET, which appears to be a Slovak Antivirus software company. Not complicated.

    27. Re:Russians by Paradise+Pete · · Score: 1

      How is Twitter a "source"?

      In the same way that "paper" is something that can be written upon.

    28. Re:Russians by Paradise+Pete · · Score: 1

      Then why would they disguise it as ransomware? Sure, it could be, but you're weaving quite a tapestry there, which I think is the Martian's point.

    29. Re:Russians by rtb61 · · Score: 1

      What the fuck, fuckity, fuck, fuck insane bullshit are you claiming. Fucking prisons across the globe with millions of inhabitants and many of them would not only destabilise their own country to get rich, they would also rape, kill and eat you, if it would make them more powerful.

      Like all attacks it is worse in the country of origin where career criminals, who would not only destabilise their own country but kill everyone who tried to stop them, launched it. The Ukraine could not be more corrupt run by fascists to enrich themselves, the number one illegal arms supplier, so corruptly so, that they did not have arms to kill their own people, already sold to middle east and African terrorists.

      Ukrainian accounting software update was responsible for most of the infections and that could only have been an inside job.

      --
      Chaos - everything, everywhere, everywhen
    30. Re: Russians by PoopJuggler · · Score: 1

      Russia certainly needs no help looking bad

    31. Re: Russians by PoopJuggler · · Score: 1

      Except for the US any gain is not worth the blowback if caught. Russia doesn't care if they're caught so for them it's a win/win.

    32. Re:Russians by ElizabethGreene · · Score: 1

      As a child I read story. There was young a boy tending sheep. He loved to watch the people drop everything and scurry out to protect him and the sheep he yelled "Wolf!". It was great fun until one day he saw the wolf, cried "WOLF!", and no one came so the wolf ate him.

      Shouting "RUSSIA ATTACKS!" is a valid strategy to undermine the current US republican-dominated government and Trump specifically. The people doing this need to understand that there can be expensive and painful consequences if it turns out not to be true.

      See also "Iraqi Weapons of Mass Destruction"

    33. Re:Russians by ElizabethGreene · · Score: 1

      > No one really gains from Russia being blamed if it wasn't Russia.

      This is incorrect. The US is attempting to pick a fight with Russia, and this is another pinprick. Why we are trying to pick this fight I do not know.

    34. Re:Russians by edis · · Score: 1

      Civil war does NOT start with masqueraded foreign troops taking institutions in targeted areas, being set up for fight. I remember very well how after annexation of Crimea people in Eastern Ukraine were urged DAVAI DAVAI, WHAT ARE YOU WAITING FOR?! Then slowly posts on roads were established first of all, and further groups of people speaking St.Peterburg tongue of russian helped taking control over local institutions, with "tourists on vacations" from Russia being leaders of organizing "alternate local governing" and actual military operations. Not quite close to the civil war, see? It is not the civil war, when foreign army gets involved.

      --
      Servant of karma
    35. Re:Russians by edis · · Score: 1

      What do you say? :-) Having primary channel of distribution being chosen with quite a sophistication, effective and country-targeted, please show some respect to the buddies over there. Didn't it work well, after all? Dirty deeds, but done well.

      --
      Servant of karma
    36. Re:Russians by kaatochacha · · Score: 1

      Dude, the russians messed with the election because PUTIN DISLIKES HILARY.
      They're the epitome of petty...

  2. How... by The+Grim+Reefer · · Score: 1

    How did the NSA go from "No Such Agency" to one that can't keep control over tools like this? What in the hell happened?

    1. Re:How... by Captain+Splendid · · Score: 2

      Information wants to be free?

      --
      Linux, you magnificent bastard, I read the fucking manual!
    2. Re:How... by avandesande · · Score: 1

      Entropy doesn't favor things being secret.

      --
      love is just extroverted narcissism
    3. Re:How... by The+Grim+Reefer · · Score: 2

      Are you really so arrogant that you think that the Americans who work for the NSA are the only ones in the world who know how to write malicious code?

      Not at all. But everything I've read states that it was derived from the code that the Shadow Brokers released.

  3. The Growing Cyber War by Frosty+Piss · · Score: 5, Interesting

    I suspect that Russia's growing use of "cyber war" tactics against its enemies will eventually backfire in the political arena. They really can't expect that governments, both friend and foe, will not start to lean on them in a more forceful way. I think and all-out âoecyber warâ between a growing number of countries would be very very very bad for everyone.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:The Growing Cyber War by quonset · · Score: 2

      When then president Obama was informed Russia was doing whatever it could to damage or help defeat Hillary Clinton and get Trump elected, he approved covert measures to plant cyber bombs into Russia's infrastructure. They would be used if the U.S. and Russia escalated the attacks on one another.

      They were still in the planning stages when Obama left office, but enough was done that the incoming president could follow up and use them, if necessary. Which was never done. After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.

    2. Re:The Growing Cyber War by desdinova+216 · · Score: 1

      . After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.

      why not both?

    3. Re:The Growing Cyber War by MightyMartian · · Score: 4, Interesting

      The Obama Administration alluded to consequences at the time. A good many anti-Obama and pro-Russia types (there seem an unusual amount of both on here) seem to forget that everyone knew for months BEFORE the election that the Russians were trying to screw over the US election, and since then we've seen them do it in other Western countries.

      I simply do not understand the willingness of some to condemn the United States and act like cheerleaders for Russia. Russia has been the West's enemy for decades, and even during the brief periods of reasonably good relations over the last few centuries, neither side has ever particularly trusted the other.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:The Growing Cyber War by gweihir · · Score: 2

      That is why I do not think this actually is anything done officially or with official sanctioning. Putin (very much unlike Trump) is not stupid at all and does understand this game very well, because he is a long-time high-level player. His morals may be questionable, but not his smarts.

      My take is that this is some Russian "patriots" and that the only thing they will get from Putin is that the Russian authorities will not try very hard to find these criminals. That is as long as they make very sure to not to much domestic damage. Hence I think these "patriots" are about one coding error away from a long-term vacation in a Siberian labor-camp.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    5. Re:The Growing Cyber War by Mal-2 · · Score: 1

      After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.

      Or he said he did, with the same intentions but not the cost. I think it's more likely those plans are perhaps de-emphasized, but not completely abandoned. I don't think his Not Invented Here syndrome runs that deep.

      --
      How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  4. We all saw it coming, didn't we? by hyperar · · Score: 1, Insightful

    Now everything is "nation-sponsored", so-called expert now throw this at everything without handing a single proof of it's claims, and sometimes not even making sense.

    1. Re:We all saw it coming, didn't we? by gweihir · · Score: 1

      There are historically a lot of loud-mouths and incompetents in the IT security space. This has unfortunately not changed.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:We all saw it coming, didn't we? by thegarbz · · Score: 1

      and sometimes not even making sense

      As a matter of interest, what part of this doesn't make sense?

    3. Re:We all saw it coming, didn't we? by kaatochacha · · Score: 1

      IF you're smart enough to run it, you're smart enough to have redundant communication.

  5. Re:Ready Set Go by Oswald+McWeany · · Score: 5, Interesting

    It doesn't always "have to be Putin" but there is a reason why it frequently is Russia.

    1) They have the resources. No country has a better human resource for hacking than Russia. They have a large highly trained tech-savvy population. They've put more effort into teaching people to be computer literate than almost anywhere else. They also have a wild-west type law enforcement that overlooks a lot of hacking and allows people to hone their skills that way.

    2) They have a motive. Russia is semi-openly hostile to most countries that lay to it's West. They have a policy of constantly testing our defenses. They frequently fly planes into other countries airspace to see how quickly they will react, the cyber warfare is more of the same testing. They're seeing how we will react.

    3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire. Furthermore, his background is in espionage. Being sneaky is in his blood.

    --
    "That's the way to do it" - Punch
  6. Extremely thin "evidence" by William+Baric · · Score: 1

    1. Considering (as far as I know) one of the main propagation method for Petya was through a compromise accounting software mostly used in Ukraine, it's not surprising that Ukraine was the most affected.
    2. The fact that very few people paid the ransom is completely irrelevant.
    3. I'm pretty sure most of these ransomware are made by teenagers and amateurs. Buggy malware is very common.

    So the question is, who are those "researchers" and what evidence do they have? More importantly, are those "researchers" politically motivated?

    1. Re:Extremely thin "evidence" by MightyMartian · · Score: 2, Insightful

      Because Russia would never try to screw around with the computers of a country that it has a) effectively invaded and b) already annexed a piece of its territory. Oh no, to suggest that is somehow to betray "political motivation."

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Extremely thin "evidence" by Anonymous Coward · · Score: 1
      You're a gullible idiot. First of all, Euromaidan was a popular revolution, not a coup. In this particular case, the popular revolution thwarted an attempted coup by Yanukovych. Do yourself a favor, and read about Yanukovych's anti-protest laws, which came to be known as the "Dictatorship laws," illegally imposed after a show of hands in the parliament (not the proper voting procedure), after a consultation trip to the Kremlin.

      As for Crimea, it was the people who were living in Crimea

      Crimeans didn't decide anything. In spite of overwhelming Russian propaganda, polls before Russia's illegal annexation of Crimea showed that Crimeans preferred to stay with Ukraine. First of all, Russia's referendum pantomime was done in breach of numerous international laws, norms, and treaties, and under Russian military occupation. Second, the referendum did not have a "status quo" option. Third, as the Kremlin's Human Rights Council confirmed that the Crimea "referendum" results were totally fabricated. Russia took away Crimeans' ability to determine their own fate.

      the anti-Russia government that took power in Ukraine after the coup?

      When a certain country attacks you, you tend to become anti- that country. But let's get the chronology straight - Russia started its Crimea invasion in early February 2014, while Yanukovych was still in office. One of the Russian officers coordinating the Crimea invasion, was Igor Girkin, who immediately went on to lead Russia's invasion of Ukraine's Donbas region. So your rationalization of Russia's Crimea invasion is absurd.

      so anti-Russians it even tried to forbid the Russian language.

      That's a flat out lie. A motion was proposed in the Rada to take away the privileged status of the Russian language, but Ukraine's acting president, Turchynov, said that he wold veto any such proposal, and that was the end of it. How dumb do you have to be to believe that a country could "forbid" a language that's spoken by the majority of that country?

      can you explain to me why the US government immediately accepted the result of the coup instead of demanding the respect of democracy

      As mentioned above, Yanukovych tried to subvert democracy in Ukraine - he would've turned Ukraine into a Russia-style dictatorship. The revolution ensured that democracy was not thwarted. After three months of Turchynov's provisional government, Poroshenko was elected in accordance with Ukrainian law.

      Considering the difference of military power, if one day Russia decided to invade Ukraine, it would be even easier for them than when the US invaded Iraq.

      More Russian propaganda. Here's a translation of a Novaya Gazeta article, in which a Buryat (Russian Mongol) soldier openly talks about his tank unit invading Donbas. Since the article has been published, his mother has been complaining that the Russian military refuses to give him his military pension or to provide other services due to him as an injured soldier. Ukrainian POW Savchenko was traded to Russia for two Spetsnaz who were captured in Donbas. Just yesterday, a Russian soldier was captured in East Ukraine. You can download the Nemtsov Report, which Boris Nemtsov was compiling before the Kremlin's lackeys murdered him -

    3. Re:Extremely thin "evidence" by Carewolf · · Score: 3

      You are really stupid or really shilly. So let's pretend the russian never entered eastern Ukraine and shot down a commercial airline and bragged about it. They still invaded Crimea and even annexed it.

    4. Re:Extremely thin "evidence" by qaz123 · · Score: 1

      One being able of having a motive to do something doesn't mean he did that. Not to mention there are several possible motives.

    5. Re:Extremely thin "evidence" by qaz123 · · Score: 1

      "of having"=" or having"

  7. Or maybe it's just badly written by Hentes · · Score: 1

    This sounds more like a skiddie modifying the source without understanding it and screwing up than a targeted attack. The code only damages the MFT, which is annoying but most of the time reversible. A nation state level attacker would've been much more thorough.

  8. vaccine by Rudisaurus · · Score: 4, Insightful

    According to BleepingComputer.com, you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

    Content doesn't matter but "Read-only" status does.

    --
    licet differant, aequabitur
    1. Re:vaccine by networkzombie · · Score: 2

      Be warned that the NotPetya read-only perfc file vaccination method only skips encryption on local system, it does not stop NotPetya from searching and infecting other systems over the network using psexec/WMIC/LSAdump. Sophos claims the psexec/WMIC/LSAdump network infection method will infect fully patched Windows 10 systems.

    2. Re:vaccine by 93+Escort+Wagon · · Score: 4, Funny

      you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

      I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!

      --
      #DeleteChrome
    3. Re:vaccine by Coopjust · · Score: 1

      Via Sophos:

      In cases where the SMB exploit fails, Petya tries to spread using PsExec under local user accounts. (PsExec is a command-line tool that allows users to run processes on remote systems.) It also runs a modified mimikatz LSAdump tool that finds all available user credentials in memory.

      It attempts to run the Windows Management Instrumentation Command-line (WMIC) to deploy and execute the payload on each known host with relevant credentials. (WMIC is a scripting interface that simplifies the use of Windows Management Instrumentation (WMI) and systems managed through it.)

      So on networked systems, if a host has the "vaccination" gets hit but has credentials for other systems that permit logon/execution saved, then it can still spread. If you don't save networked credentials for other PCs on your network on a given PC, then it shouldn't be an issue on a fully patched network.

      I could see this being an issue on corporate networks if Windows Server is not fully patched and a server like AD has a network logon that is valid across a wide number of client PCs/other servers, but the impact on most home networks is likely minimal.

      Still wouldn't hurt to apply the 'vaccination' to each PC you own as a precaution though.

    4. Re:vaccine by Anonymous Coward · · Score: 1

      you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

      I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!

      You need to install Linux first.

    5. Re:vaccine by thegarbz · · Score: 1

      That's a poor excuse. Don't let the fact that you have to run software that isn't available on other platforms stop you from using this malware. You can always run Petya in a Windows VM and share the folders back to your mac machine. You too could have the full experience.

    6. Re:vaccine by strikethree · · Score: 1

      you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

      I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!

      Typical Mac user. Sheesh. Any semi-competent Linux user would tell you to install Wine (or buy Cider) first. At least us Linux users do not expect our hands to be held all the time. ;)

      --
      "Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
    7. Re:vaccine by 93+Escort+Wagon · · Score: 1

      Typical Mac user. Sheesh. Any semi-competent Linux user would tell you to install Wine (or buy Cider) first. At least us Linux users do not expect our hands to be held all the time. ;)

      Hey, good point. But I couldn't get it to run in a Crossover Wine bottle either, though. However I have filed a bug report with Codeweavers, and I've up-voted Petya as well... so hopefully soon I can join the fun!

      --
      #DeleteChrome
  9. Re:Ready Set Go by Rei · · Score: 4, Insightful

    Yeah, what part of him de facto annexing parts of half a dozen neighboring countries and de jure annexing part of Ukraine would give one the impression that he wants to restore the empire? What part of Putin lamenting the fall of the Soviet Union would give one that impression?

    --
    "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
  10. Re:Sigh another Russia poke by people with no clue by MightyMartian · · Score: 5, Insightful

    How was the attack poor? Sure, they didn't make any money, but they fucked up a lot of Ukraine businesses. Mission accomplished, I'd say.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  11. Re:Ready Set Go by Anonymous Coward · · Score: 3, Informative

    Care to name half a dozen neighboring countries parts of which Putin annexed de facto or otherwise?

  12. Re: Do you editors even read your own stories?! by bestweasel · · Score: 3, Insightful

    That's one way of looking at it; this is another:

    Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.

    Weaver noted that Petyaâ(TM)s ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.

    Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.

    âoeIâ(TM)m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,â Weaver said. âoeThe best way to put it is that Petyaâ(TM)s payment infrastructure is a fecal theater.â

    From Krebs on Security

    For the non-native English speakers here (and I know there are a lot of you), fecal theater is a euphemism for shit show.

  13. Pot meet kettle by Anonymous Coward · · Score: 1

    You know no one particularly trusts America either right. It's a pretty low bar.
    CIA and America have been influencing other countries elections since, almost forever.
    But yep it's the Russians (and the Chinese, those damn "Commies")...

  14. Ransomware Short-Circuited by shubus · · Score: 2

    Cyberattack? Not really. People have already forgotten that the ISP responsible for receiving emails of people desiring to pay the ransom was BLOCKED by the ISP so nobody could pay. This accounts in large part for why the hackers (wherever and whoever they are) didn't collect much money. Anyway, what with all the cyber attacks and ransomware going around I'm still amazed that after all this time, those machines infected STILL HAVE NOT upgraded their OS. It sure pays to do so. But what do I know---I'm not a windows user.

    1. Re:Ransomware Short-Circuited by jjw3579 · · Score: 1

      Blocking the email would not have blocked payments. Victims were supposed to notify them of the transaction numbers after via email. Also it rekt the MFT table.

    2. Re:Ransomware Short-Circuited by shubus · · Score: 1

      Agreed! If the victims couldn't email those guys then they'd never get the keys to unlock their files. I do wonder if anyone ever got their unlock keys.

  15. Re:Ready Set Go by edis · · Score: 1

    highly trained tech-savvy population

    I recall how it all started. Westerners had money, credit cards, and software, that was protected from being stolen.
    Post-soviet kids didn't, so they had works to do. I was reading those cracker magazines, they have been very educational.

    --
    Servant of karma
  16. Re:Sigh another Russia poke by people with no clue by guruevi · · Score: 1

    They didn't get paid, the entire premise of the ransomware failed because they chose an e-mail provider that decided they wouldn't support them. The goal wasn't to fuck anything up, it was to ransom the data and hope a portion of their "victims" didn't have a good backup plan and paid up.

    The businesses technically fucked themselves by a series of bad decisions, first of all, not having backups, not having a competent IT person, running (unpatched) Windows on public systems and/or blindly installing some software, perhaps they'll reconsider their choices in the future.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  17. Random malware get how many stories now? by AHuxley · · Score: 1

    Malware that flows around the internet and infects random nations?
    No security service or nation would allow their own side, nation, interests to be at any risk from random malware.
    Malware thats in the wild doing stuff to a lot of nations is not a national cyber event.
    Its just malware and a slow news day.
    Read up on how nations really consider and use their cyber assets. Nations take care to ensure the system, user or server is the only thing thats accessed.

    Lets do some reading
    The Inside Story of How British Spies Hacked Belgium’s Largest Telco (December 13 2014)
    https://theintercept.com/2014/...
    Read down to the "The hack would remain undetected for two years, until the spring of 2013" part and consider the quality and effort a nation puts into its code.
    To stay in a network, only that network and not get found. No AV or websites or social media talking about that effort in real time.
    Notice the difference after discovery too? "" ... never got a chance to study the routers."" Nations don't comment much on the efforts of other nations, to experts or the media.

    Stuxnet https://en.wikipedia.org/wiki/...
    Equation Group https://en.wikipedia.org/wiki/...
    Again stay hidden, works really well for the task, great effort to stay with interesting people and efforts not spreading back to creators own nation. Skills to try and avoid random AV detection too. Less AV chatter in real time in the wild.
    Nations can try automated cyber efforts but again they are automated to respond to very interesting people and try not to get talked about in real time by AV and experts. The staging servers are not found in real time. Malware do random things to many nations is not a cyber effort.
    Its just malware and a news story.
    Look at list of how nations do their cyber.
    Names and definitions of leaked CIA hacking tools (Mar 9, 2017)
    https://techcrunch.com/2017/03...
    Neat products by server, brand, target. No finding the servers, no finding the nations control GUI. Exploits that work and and can work around most consumer AV and their experts most of the time. Not malware that flows over anything, everything and anyone thats been talked about and studied in real time.
    Discovering a Hive, or SparrowHawk would not be an option for a nation's cyber contractors or gov/mil staff.

    --
    Domestic spying is now "Benign Information Gathering"
  18. Re:Ready Set Go by dbIII · · Score: 1, Informative

    "he just wants to restore the empire". What a load of BS. How the hell does anyone know with such certainty what Putin wants?

    Maybe because he's said that himself many times, especially when campaigning for election.

  19. Re:Ready Set Go by dunkelfalke · · Score: 3, Insightful

    Even Moldova would be wrong - that particular civil war happened when Putin was just an aide for a local politician.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  20. Re:Ready Set Go by Buchenskjoll · · Score: 1

    3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire.

    Fun exercise: Replace Putin with Trump and Russia with USA.

    --
    -- Make America hate again!
  21. Another version by qaz123 · · Score: 1

    It was Ukrainian cybercriminals who wanted to make money but failed to do that because their email was blocked: http://www.news.com.au/technol... The reason Ukraine was the epicenter of the attack was because the criminals was from Ukraine and therefore had better access to Ukrainian targets or knew them better

  22. Re:Ready Set Go by qaz123 · · Score: 2

    Chechnya was not a separate country from Russia even after the Soviet Union broke up. It was and is within the Russian borders.

  23. Re:Ready Set Go by Oswald+McWeany · · Score: 2

    3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire.

    Fun exercise:
    Replace Putin with Trump and Russia with USA.

    For point 3, I in no way disagree with you. There is a reason those two men admire each other.

    --
    "That's the way to do it" - Punch
  24. Re:Ready Set Go by thegarbz · · Score: 1

    Russia is semi-openly hostile

    That's a very nice way of putting a relationship which has in recent history resulted in one country taking a section of the other country by force.

  25. Re:Ready Set Go by dunkelfalke · · Score: 2

    Yes, we already know that you hate Russia. You have been writing about that "for fucking years, absolutely years".

    And yes, Putin was absolutely right that the breakup of the USSR was a disaster - it sent millions of people into poverty, lowered their average life expectation by a decade, revoked many of their rights and freedoms and directly killed tens of thousands in the ensuing ethnic conflicts.

    A slower and more peaceful transformation would have been far more preferable for everyone and all of this is just as true for Yugoslavia.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  26. vulnerabity in MEDoc the Ukrainian tax software by bingoUV · · Score: 1

    http://www.bbc.com/news/techno...

    The tax software's update mechanism got compromised.

    Mikko Hypponen, a security expert at F-Secure, is saying - "If you do business in Ukraine, the software (MEDoc) appears to be de facto,"

    Microsoft is saying : "Active infections of the ransomware initially started from the legitimate MEDoc update process,"

    --
    Bingo Dictionary - Pragmatist, n. A myopic idealist.
  27. Not sure by jon3k · · Score: 1

    I thought there were lots of reports of infections in Russia? Seems like a dangerous move.

    But in general I think Russia's flagrant hacking is really going to come back to bite them. I believe the US is much better at this than Russia. And even if you disagree with that, I don't think any reasonable person would disagree that the US plus its major allies (ie Canada, UK, Germany, etc) are vastly better at this.

    I think the only argument you could make is, well they're already attacking Russia and now Russia is just very publicly fighting back. Maybe in an attempt to position themselves to have negotiations for a "truce" between all nations. I think Russia would benefit a lot more from an agreement than the US would, so maybe appearing to be the largest threat actor helps their negotiating position?

  28. Detracts from DoJ investigation into Kaspersky by sabbede · · Score: 1

    If this was an attack on the Ukraine, it was almost certainly launched by Russia, who would not want Kaspersky to reveal that it was an attack. Yet they have. So I'm guessing that the DoJ investigation isn't going to find that Kaspersky is working for Russia. Except for selling them software.

  29. Did anyone read more? You *can't* pay. by whitroth · · Score: 1

    As I read on Krebs' site, the stupid malware, unlike other malware that generates a unique email to arrange payment, used one, and only one email address. On finding this, the German ISP that the email was on blocked the email.

    The result was that if you *wanted* to pay, you couldn't contact the scum to do so.

    No, it was some wannabee idiot(s) who put it out there. And I'm still expecting them in court really soon... or "killed resisting arrest", since it sure seemed like Rosneft (that's the Russian mostly state-owned oil giant - think Exxon) was hit, too.

  30. Re:Ready Set Go by qaz123 · · Score: 1

    When was it? in 18th century?
    I thought you were talking about post-soviet Russia

  31. Re:Ready Set Go by qaz123 · · Score: 2

    Let me educate you :) The USSR consisted of 15 republic states. According to the constitution of the USSR each republic state had a right to secede from the USSR. These republic states were: Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kazakhstan, Kirghistan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan.
    https://en.wikipedia.org/wiki/...
    As you can see there were no Chechnya among them. Chechnya was a part of the Russian republic state. In the end of 1991, all 15 republic states seceded from the USSR and became 15 independent states. The USSR ceased to exist. And because Chechnya was part of the Russian republic state within the USSR, it became a part of the current Russian Federation.

  32. Re:Ready Set Go by sydbarrett74 · · Score: 1

    Putin wants what is best for Putin

    FTFY.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  33. Re:LOL you Americans are so stupid by computererds · · Score: 1

    This guy has to be a hired psyop. Everyone knows the US spent billions to fuck up Ukraine.

    US spent $5 billion to destabilize Ukraine The United States spent $5 billion on Ukraine anti-government riots Neocons and the Ukraine Coup U.S. Admits It Spent 5 Billion to Overthrow Ukraine Victoria Nuland's Admits Washington Has Spent $5 Billion to "Subvert Ukraine" Nuland: Fuck the EU

    The US spent billions to overthrow an elected president in Ukraine, created riots. Now Joe Biden's runs Ukraine's oil companies.

    Did you even read your own links?

    "That’s a distorted understanding of remarks given by a State Department official. She was referring to money spent on democracy-building programs in Ukraine since it broke off from the Soviet Union in 1991.

    We rate the claim Pants on Fire."

  34. Re:Ready Set Go by kaatochacha · · Score: 1

    And Taiwan is not a separate country from the People's Republic, but that doesn't make either of them exactly so.

  35. Re:Ready Set Go by qaz123 · · Score: 1

    You are talking what you know nothing about. I saw how the situation in Chechnya was developing very closely to me. To compare it to Taiwan? There wasn't anything close to Taiwan in resemblance in Chechnya. There were only 2-3 years of anarchy there when Russian government have no control over that Russian province. And that's it