Slashdot Mirror


The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com)

Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things: 1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine. 2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all. 3. Petya was either "incredibly buggy, or irreversibly destructive on purpose." An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky. Ars Technica has more.

29 of 182 comments

  1. Russians by 110010001000 · · Score: 4, Interesting

    So the Russians did it?

    1. Re:Russians by Oswald+McWeany · · Score: 3, Insightful

      So the Russians did it?

      They would be the logical assumption. No one gains more by destabilising Ukraine.

      --
      "That's the way to do it" - Punch
    2. Re:Russians by Oswald+McWeany · · Score: 3, Insightful

      Who has most to gain from Russia being blamed for something petty with no gains in it for them whatsoever?

      No one really. No one really gains from Russia being blamed if it wasn't Russia. There is no reason to frame Russia.

      I mean, what is the motive?

      Oh, you mean, like, besides destabilising the country they are trying to stealthily reclaim, that they've already illegally stolen territory from.

      --
      "That's the way to do it" - Punch
    3. Re:Russians by MightyMartian · · Score: 4, Insightful

      You are aware, I trust, that Ukraine and Russia are effectively at war, right? Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine? Maybe Russia didn't give a flying fuck whether anyone could eventually decrypt the data or not, if the point is just to cause damage. It's like asking "Why didn't they send in the Army Corps of Engineers to rebuild the bridge they just bombed to oblivion?" answer being, they just wanted to bomb the bridge to oblivion.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Russians by skids · · Score: 4, Informative

      Moreover, Russia has been engaging in a sustained cyber-warfare campaign in Ukraine, up to and including taking down the power grid and hacking cells of military personnel to gain information on troop positions. Making it look like ransomware was probably more an afterthought in hopes that paranoid firewall admins worldwide would block Ukrainian IP addresses... they really don't care that it eventually gets attributed to them.

      I rolled my eyes this morning when I heard the company of origin was in the Ukraine and was not very surprised to see this article today.

    5. Re:Russians by MightyMartian · · Score: 2

      Cyberwarfare isn't conventional warfare. It's not like you can run out of electrons. Russia has a group of hackers, and writing malware is a part of their job. When you think about how much it costs to keep the rebels armed and maintain an ununiformed Russia force in rebel areas of Ukraine, a cyberattack is so much bloody cheaper.

      As to your explanation for your bizarre conspiracy theory, that really doesn't answer the question at all. You've come up with a very convoluted conspiracy whose only defense seems to be "I don't trust the three letter agencies." Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor.

      Russia has everything to gain by destabilizing Ukraine, whether that be militarily, or via fucking up their computers. Welcome to the face of modern warfare.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    6. Re:Russians by edis · · Score: 2, Interesting

      point is just to cause damage

      Not the only point. Days before this outbreak, I happened to read articles plainly stating that Ukraine is a country turned by Russia into a test battlefield of cyberwar (and other kinds of modern war, as per their definition, BTW). Which was proved once again. Russia flexes its muscles both in operation, in damage, and in getting away with it. The same pattern of pushing the limits where they did their dirty act, yet remain difficult to name and be punished - it repeats all over. This pattern is by now well recognizable. It is the same as throwing chunks of army over the border for a couple of "training" days, then withdrawing them and getting away like there was no war. Directing their "polite" military without identification to "help with voting" in a neighboring country.

      Their problem, however, is that these patterns are more recognizable, as more instances have been applied. The element of surprise has worn off; it is of little secret now what Russia Today is.

      --
      Servant of karma
  2. Re:How... by Captain+Splendid · · Score: 2

    Information wants to be free?

    --
    Linux, you magnificent bastard, I read the fucking manual!
  3. The Growing Cyber War by Frosty+Piss · · Score: 5, Interesting

    I suspect that Russia's growing use of "cyber war" tactics against its enemies will eventually backfire in the political arena. They really can't expect that governments, both friend and foe, will not start to lean on them in a more forceful way. I think an all-out "cyber war" between a growing number of countries would be very very very bad for everyone.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:The Growing Cyber War by quonset · · Score: 2

      When then president Obama was informed Russia was doing whatever it could to damage or help defeat Hillary Clinton and get Trump elected, he approved covert measures to plant cyber bombs into Russia's infrastructure. They would be used if the U.S. and Russia escalated the attacks on one another.

      They were still in the planning stages when Obama left office, but enough was done that the incoming president could follow up and use them, if necessary. Which was never done. After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.

    2. Re:The Growing Cyber War by MightyMartian · · Score: 4, Interesting

      The Obama Administration alluded to consequences at the time. A good many anti-Obama and pro-Russia types (there seem an unusual amount of both on here) seem to forget that everyone knew for months BEFORE the election that the Russians were trying to screw over the US election, and since then we've seen them do it in other Western countries.

      I simply do not understand the willingness of some to condemn the United States and act like cheerleaders for Russia. Russia has been the West's enemy for decades, and even during the brief periods of reasonably good relations over the last few centuries, neither side has ever particularly trusted the other.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re:The Growing Cyber War by gweihir · · Score: 2

      That is why I do not think this actually is anything done officially or with official sanctioning. Putin (very much unlike Trump) is not stupid at all and does understand this game very well, because he is a long-time high-level player. His morals may be questionable, but not his smarts.

      My take is that this is some Russian "patriots" and that the only thing they will get from Putin is that the Russian authorities will not try very hard to find these criminals. That is as long as they make very sure to not do much domestic damage. Hence I think these "patriots" are about one coding error away from a long-term vacation in a Siberian labor-camp.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Re:Ready Set Go by Oswald+McWeany · · Score: 5, Interesting

    It doesn't always "have to be Putin" but there is a reason why it frequently is Russia.

    1) They have the resources. No country has a better human resource for hacking than Russia. They have a large highly trained tech-savvy population. They've put more effort into teaching people to be computer literate than almost anywhere else. They also have a wild-west type law enforcement that overlooks a lot of hacking and allows people to hone their skills that way.

    2) They have a motive. Russia is semi-openly hostile to most countries that lie to its West. They have a policy of constantly testing our defenses. They frequently fly planes into other countries' airspace to see how quickly they will react, the cyber warfare is more of the same testing. They're seeing how we will react.

    3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire. Furthermore, his background is in espionage. Being sneaky is in his blood.

    --
    "That's the way to do it" - Punch
  5. Re:How... by The+Grim+Reefer · · Score: 2

    Are you really so arrogant that you think that the Americans who work for the NSA are the only ones in the world who know how to write malicious code?

    Not at all. But everything I've read states that it was derived from the code that the Shadow Brokers released.

  6. vaccine by Rudisaurus · · Score: 4, Insightful

    According to BleepingComputer.com, you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

    Content doesn't matter but "Read-only" status does.

    --
    licet differant, aequabitur
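
The vaccination step described in the comment above, written as a PowerShell script; this is an added example, not part of the original comment or of BleepingComputer's instructions. The `-Apply` switch and the helper name `Get-MarkerState` are assumptions of this example; without `-Apply` the script only reports the state of each file.

```powershell
# Added example (not from the original comment). Run from an elevated prompt:
# writing under C:\Windows needs administrator rights.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Folder = 'C:\Windows',                           # folder named in the comment
    [string[]]$Names = @('perfc', 'perfc.dat', 'perfc.dll'),  # file names from the comment
    [switch]$Apply                                            # assumption: report-only unless set
)

# Hypothetical helper: classify one path as Missing, IsDirectory, ReadOnly or Writable.
function Get-MarkerState {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'Missing' }
    $item = Get-Item -LiteralPath $Path -Force
    if ($item.PSIsContainer) { return 'IsDirectory' }
    if ($item.IsReadOnly) { return 'ReadOnly' }
    return 'Writable'
}

foreach ($name in $Names) {
    $path   = Join-Path -Path $Folder -ChildPath $name
    $before = Get-MarkerState -Path $path
    $err    = $null

    # Only touch paths that are absent or present but still writable.
    if ($Apply -and ($before -in 'Missing', 'Writable') -and
        $PSCmdlet.ShouldProcess($path, 'Create read-only marker file')) {
        try {
            if ($before -eq 'Missing') {
                # Content does not matter, so an empty file is enough.
                New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
            }
            # The read-only attribute is the part the comment says matters.
            Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop
        } catch {
            $err = $_.Exception.Message
        }
    }

    # One result row per file, so the output can be collected across hosts.
    [pscustomobject]@{
        Path   = $path
        Before = $before
        After  = Get-MarkerState -Path $path
        Error  = $err
    }
}
```
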
    1. Re:vaccine by networkzombie · · Score: 2

      Be warned that the NotPetya read-only perfc file vaccination method only skips encryption on the local system; it does not stop NotPetya from searching and infecting other systems over the network using psexec/WMIC/LSAdump. Sophos claims the psexec/WMIC/LSAdump network infection method will infect fully patched Windows 10 systems.

    2. Re:vaccine by 93+Escort+Wagon · · Score: 4, Funny

      you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.

      I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!

      --
      #DeleteChrome
  7. Re:Ready Set Go by Rei · · Score: 4, Insightful

    Yeah, what part of him de facto annexing parts of half a dozen neighboring countries and de jure annexing part of Ukraine would give one the impression that he wants to restore the empire? What part of Putin lamenting the fall of the Soviet Union would give one that impression?

    --
    "99 dead duelists of Dios on the wall. 99 dead duelists of Dios! Take one's ring, pass it around..."
  8. Re:Sigh another Russia poke by people with no clue by MightyMartian · · Score: 5, Insightful

    How was the attack poor? Sure, they didn't make any money, but they fucked up a lot of Ukraine businesses. Mission accomplished, I'd say.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  9. Re:Extremely thin "evidence" by MightyMartian · · Score: 2, Insightful

    Because Russia would never try to screw around with the computers of a country that it has a) effectively invaded and b) already annexed a piece of its territory. Oh no, to suggest that is somehow to betray "political motivation."

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. Re:Ready Set Go by Anonymous Coward · · Score: 3, Informative

    Care to name half a dozen neighboring countries parts of which Putin annexed de facto or otherwise?

  11. Re: Do you editors even read your own stories?! by bestweasel · · Score: 3, Insightful

    That's one way of looking at it; this is another:

    Nicholas Weaver, a security researcher at the International Computer Science Institute and a lecturer at UC Berkeley, said Petya appears to have been well engineered to be destructive while masquerading as a ransomware strain.

    Weaver noted that Petya's ransom note includes the same Bitcoin address for every victim, whereas most ransomware strains create a custom Bitcoin payment address for each victim.

    Also, he said, Petya urges victims to communicate with the extortionists via an email address, while the majority of ransomware strains require victims who wish to pay or communicate with the attackers to use Tor, a global anonymity network that can be used to host Web sites which can be very difficult to take down.

    "I'm willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware," Weaver said. "The best way to put it is that Petya's payment infrastructure is a fecal theater."

    From Krebs on Security

    For the non-native English speakers here (and I know there are a lot of you), fecal theater is a euphemism for shit show.

  12. Ransomware Short-Circuited by shubus · · Score: 2

    Cyberattack? Not really. People have already forgotten that the ISP responsible for receiving emails of people desiring to pay the ransom was BLOCKED by the ISP so nobody could pay. This accounts in large part for why the hackers (wherever and whoever they are) didn't collect much money. Anyway, what with all the cyber attacks and ransomware going around I'm still amazed that after all this time, those machines infected STILL HAVE NOT upgraded their OS. It sure pays to do so. But what do I know---I'm not a Windows user.

  13. Re:Extremely thin "evidence" by Carewolf · · Score: 3

    You are really stupid or really shilly. So let's pretend the Russians never entered eastern Ukraine and shot down a commercial airliner and bragged about it. They still invaded Crimea and even annexed it.

  14. Re:Ready Set Go by dunkelfalke · · Score: 3, Insightful

    Even Moldova would be wrong - that particular civil war happened when Putin was just an aide for a local politician.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  15. Re:Ready Set Go by qaz123 · · Score: 2

    Chechnya was not a separate country from Russia even after the Soviet Union broke up. It was and is within the Russian borders.

  16. Re:Ready Set Go by Oswald+McWeany · · Score: 2

    3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire.

    Fun exercise:
    Replace Putin with Trump and Russia with USA.

    For point 3, I in no way disagree with you. There is a reason those two men admire each other.

    --
    "That's the way to do it" - Punch
  17. Re:Ready Set Go by dunkelfalke · · Score: 2

    Yes, we already know that you hate Russia. You have been writing about that "for fucking years, absolutely years".

    And yes, Putin was absolutely right that the breakup of the USSR was a disaster - it sent millions of people into poverty, lowered their average life expectation by a decade, revoked many of their rights and freedoms and directly killed tens of thousands in the ensuing ethnic conflicts.

    A slower and more peaceful transformation would have been far more preferable for everyone and all of this is just as true for Yugoslavia.

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
  18. Re:Ready Set Go by qaz123 · · Score: 2

    Let me educate you :) The USSR consisted of 15 republic states. According to the constitution of the USSR each republic state had a right to secede from the USSR. These republic states were: Armenia, Azerbaijan, Belarus, Estonia, Georgia, Kazakhstan, Kirghistan, Latvia, Lithuania, Moldova, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan.
    https://en.wikipedia.org/wiki/...
    As you can see there was no Chechnya among them. Chechnya was a part of the Russian republic state. At the end of 1991, all 15 republic states seceded from the USSR and became 15 independent states. The USSR ceased to exist. And because Chechnya was part of the Russian republic state within the USSR, it became a part of the current Russian Federation.