Petya's Ransomware

Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes.

The Petya attack -- which disrupted major government agencies, infrastructure sites, multinational companies and other organizations -- actually used the cover of a ransomware attack to deploy a more malicious exploit, called a "wiper," that paralyzed thousands of computers and destroyed data in dozens of countries around the world, some leading cybersecurity experts have concluded.

The National Cyber Security Centre, which operates within the UK's GCHQ intelligence agency, late last month raised questions about the motives behind the attack, saying it had found evidence that questioned initial judgments that collecting ransoms was Petya's chief goal.
The financial motivation was questionable early on, based on critical evidence seen during the initial outbreak of the attack, noted Vikram Thakur, technical director at Symantec.
The large number of victims located in Ukraine and the fact that the infection vector was software primarily used there raised suspicions, he told the E-Commerce Times.

Further, "the single bitcoin wallet payment method, use of a single email for decryption communications, absence of a C&C (command & control server), encryption of files with extensions primarily used by businesses, the wiping of the MBR, along with the randomly generated key displayed to the victim, all contributed to the belief that the attacker did not expect to receive ransom in exchange for decryption keys," Thakur said.

The single email was a key concern of researchers. German provider Posteo shut down the email used by the hackers as the sole means of contact, which professional hackers would have expected to happen. They would have established more than one potential means of collecting ransom and then releasing data back to victims.

Kaspersky Lab, one of the first cybersecurity firms to publicize the true nature of the attack, posting on June 28 that the Petya malware attack was a wiper disguised 
