Some researchers claim NotPetya might be Russian cyberattack disguised as ransomware

midian182

We’re still discovering new facts about the NotPetya ransomware that is infecting computers around the world, but the latest claims by several security firms come as quite a surprise: it might not actually be ransomware, but a state-sponsored cyberattack.

Researchers, including those from Kaspersky Lab, believe that despite the malware demanding $300 in Bitcoin, it was primarily designed to damage infected systems by overwriting their Master Boot Record with no way to restore it, which makes it wiper malware rather than traditional ransomware.

“This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware,’” wrote information security researcher the grugq.

With Microsoft having now verified that the initial infections were delivered through the update process of the Ukrainian accounting software MeDoc, along with the fact that 60 percent of all infections are within Ukraine, questions are being raised as to whether this was a politically motivated cyberattack.

"We believe the ransomware was, in fact, a lure to control the media narrative, especially after the WannaCry incident, to attract the attention on some mysterious hacker group rather than a national state attacker," writes Comae Technologies Founder Matt Suiche.

The strange use of a single Bitcoin wallet for payments, as well as the requirement that victims email the hackers, adds credence to the theory that NotPetya was designed for disruption rather than profit. It seems the 45 victims who have paid a total of $10,500 in ransom won’t be getting their files back, especially as email provider Posteo has closed the attacker’s account, leaving them no channel through which to send proof of payment.

"Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that after disk encryption, the threat actor could not decrypt victims’ disks," said Kaspersky.
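The difference the Kaspersky and Suiche quotes are pointing at comes down to whether the "personal ID" on the ransom screen lets the operator recover a victim's key. The Python model below is an added illustration, not NotPetya's code and not any vendor's analysis tooling: it contrasts a conventional escrow flow (the per-victim key is wrapped under the attacker's public key and displayed as the ID, so a paying victim can be served) with a wiper flow in which the displayed ID is random bytes unrelated to the key, which is what Kaspersky found NotPetya's installation key to be. The hash-based stream cipher and the small textbook RSA key pair are simplified stand-ins, not the algorithms the malware used, and the sample disk contents are constructed.

```python
"""Key-escrow model: ransomware vs. wiper (added illustration, not NotPetya's code)."""
import hashlib
import os
import random

KEY_LEN = 16


def toy_stream_crypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for the disk encryption: SHA-256 counter-mode keystream XORed with
    the data. Symmetric, so the same call decrypts. Not a real cipher (assumption)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        keystream = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin probable-prime test, adequate for a model key pair."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(prime_bits: int = 128):
    """Attacker's key pair (toy size, unpadded textbook RSA). Only the public
    half ships inside the malware; the private half stays with the operator."""
    e = 65537
    while True:
        p, q = _random_prime(prime_bits), _random_prime(prime_bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def ransomware_infect(disk: bytes, attacker_pub):
    """Conventional ransomware: the per-victim key is wrapped under the attacker's
    public key and shown to the victim as the 'personal ID'."""
    n, e = attacker_pub
    key = os.urandom(KEY_LEN)
    ciphertext = toy_stream_crypt(key, disk)
    wrapped = pow(int.from_bytes(key, "big"), e, n)
    personal_id = wrapped.to_bytes((n.bit_length() + 7) // 8, "big").hex()
    del key  # the malware keeps no copy; only the wrapped form survives
    return ciphertext, personal_id


def wiper_infect(disk: bytes, attacker_pub=None):
    """NotPetya-style: the data really is encrypted, but the displayed ID is random
    bytes that carry no key material, and the key is discarded. The attacker's
    public key is irrelevant, so nobody can decrypt, payment or not."""
    key = os.urandom(KEY_LEN)
    ciphertext = toy_stream_crypt(key, disk)
    personal_id = os.urandom(32).hex()  # looks like an ID, unrelated to `key`
    del key
    return ciphertext, personal_id


def attacker_decrypt(ciphertext: bytes, personal_id: str, attacker_priv) -> bytes:
    """What the operator can do with the ID a paying victim e-mails in: unwrap it
    with the private key and decrypt. With a random ID this yields garbage."""
    n, d = attacker_priv
    unwrapped = pow(int(personal_id, 16), d, n)
    key = unwrapped.to_bytes((n.bit_length() + 7) // 8, "big")[-KEY_LEN:]
    return toy_stream_crypt(key, ciphertext)


def recoverable(disk: bytes, infect, attacker_pub, attacker_priv) -> bool:
    """True if the operator can give a paying victim their data back."""
    ciphertext, personal_id = infect(disk, attacker_pub)
    return attacker_decrypt(ciphertext, personal_id, attacker_priv) == disk


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    sample_disk = b"constructed sample: MFT entries and file data would live here " * 4
    print("ransomware: recoverable after payment ->", recoverable(sample_disk, ransomware_infect, pub, priv))
    print("wiper     : recoverable after payment ->", recoverable(sample_disk, wiper_infect, pub, priv))
```

The check a practitioner would apply when triaging a new "ransomware" family is the one this models: does the value the victim is told to send back depend on the encryption key at all? If the ID is generated independently of the key, or the key is never wrapped and stored anywhere, no amount of payment can produce a decryptor.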

With an apparent focus on Ukraine (the attack began on the eve of the country’s Constitution Day), some believe Russia was behind this apparent state-sponsored attack. While it did hit some Russian businesses, these were reportedly well protected and managed to stop the infection with no major damage to their systems.

Roman Boyarchuk, the head of the Center for Cyber Protection within Ukraine's State Service for Special Communications and Information Protection, said "It's difficult to imagine anyone else would want to do this," when asked if he thought Russia was the state sponsor behind the attack.


 
You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. If we're not going to make use of these assets, perhaps the time would be better spent building impenetrable gateways, if there is such a thing. Or we could simply ban all Vodka and force them into a perpetual drunken stupor.
 
By next week we will have forgotten that this ever existed because there'll be a dozen "New & Improved" versions of it by then, all with even more weird-sounding names. Now "Melissa" was the way to go. Whether it's a virus or even Yahoo!'s ex-CEO, it was memorable, and both were something you'd want to avoid at all cost and never to be repeated.
 
You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. If we're not going to make use of these assets, perhaps the time would be better spent building impenetrable gateways, if there is such a thing. Or we could simply ban all Vodka and force them into a perpetual drunken stupor.

I'll bet all the preparations the US made were for an attack against military and bureaucracy targets. Their rules of engagement would probably have stopped them from laying the groundwork for attacks on industry - until now.
 
You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. If we're not going to make use of these assets, perhaps the time would be better spent building impenetrable gateways, if there is such a thing. Or we could simply ban all Vodka and force them into a perpetual drunken stupor.
Immature and silly comment, especially the, "You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. ..."
The article's claims are in line with all similar cyber rattling, Russia, Russia, Russia.
Julio Franco's article of yesterday informs us that "The EternalBlue exploit is believed to have been developed by the U.S. National Security Agency (NSA)".
When will we stop blaming the countries who don't suck up to the US, namely Iran, Russia, China and N. Korea, and start facing the bitter truth that the US is yet again behind this cyber attack, as was the case in 2010 with the Stuxnet cyber attack.
 
"It's difficult to imagine anyone else would want to do this,"

Why does anyone create any of the viruses we ever had to face? Mostly to disrupt, destroy, and just ruin your day. Why is everything all of a sudden state sponsored? It's Russia! It might be someone in Russia, it might be someone in China who hates Russia and deployed the virus there. It's not like they have to physically go there. Could be some American hacker, could be, well, anyone: the NSA, Canada, Ukraine, Israel, Saudi Arabia, North Korea, or even TechSpot programmers.
 
You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. If we're not going to make use of these assets, perhaps the time would be better spent building impenetrable gateways, if there is such a thing. Or we could simply ban all Vodka and force them into a perpetual drunken stupor.
Immature and silly comment, especially the, "You know, we keep hearing claims that the US can mount a MAJOR cyber attack on Russia anytime it wants, but we never seem to get around to it. ..."
The article's claims are in line with all similar cyber rattling, Russia, Russia, Russia.
Julio Franco's article of yesterday informs us that "The EternalBlue exploit is believed to have been developed by the U.S. National Security Agency (NSA)".
When will we stop blaming the countries who don't suck up to the US, namely Iran, Russia, China and N. Korea, and start facing the bitter truth that the US is yet again behind this cyber attack, as was the case in 2010 with the Stuxnet cyber attack.

Childish and immature is the man who cannot successfully make his point without insulting others...
 