The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com)
Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things:
1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine.
2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all.
3. Petya was either "incredibly buggy, or irreversibly destructive on purpose."
An anonymous reader shares a report:
Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals."
There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
Ars Technica has more.
Russians (Score:5, Interesting)
Re:Russians (Score:4, Insightful)
So the Russians did it?
They would be the logical assumption. No one gains more by destabilising Ukraine.
Re:Russians (Score:5, Informative)
Moreover, Russia has been engaging in a sustained cyber-warfare campaign in Ukraine, up to and including taking down the power grid and hacking cells of military personnel to gain information on troop positions. Making it look like ransomware was probably more an afterthought in hopes that paranoid firewall admins worldwide would block Ukrainian IP addresses... they really don't care that it eventually gets attributed to them.
I rolled my eyes this morning when I heard the company of origin was in the Ukraine and was not very surprised to see this article today.
Re: (Score:2)
It's also worth noting that according to other sources [twitter.com] Kaspersky is lowballing the percentage of victims that are in Ukraine.
Re: (Score:2, Insightful)
Re: (Score:1)
Re: (Score:1)
In the same way that "paper" is something that can be written upon.
Re: (Score:1)
There's a damn good chance it was perpetrated by the UK / US:
1. Further de-stabilise Ukraine (oh well, collateral damage)
2. MAIN GOAL: blame gets put onto Russia, placing a greater wedge between two neighbors
3. BONUS POINTS: internationally entrenching Russia further into a pariah state
After all: subterfuge is the name of the game.
Heck, we'd also do it to the Chinese if we could, except they might decide to respond by dum
Re: (Score:2)
What the fuck, fuckity, fuck, fuck insane bullshit are you claiming. Fucking prisons across the globe with millions of inhabitants and many of them would not only destabilise their own country to get rich, they would also rape, kill and eat you, if it would make them more powerful.
Like all attacks it is worse in the country of origin where career criminals, who would not only destabilise their own country but kill everyone who tried to stop them, launched it. The Ukraine could not be more corrupt run by fa
Re: Americans are so waistful (Score:1)
Re: (Score:2)
So the Russians did it?
Who has most to gain from Russia being blamed for something petty with no gains in it for them whatsoever? I mean, what is the motive? All that is gonna cause is systems being hardened and exploitable resource being exhausted.
Besides, if it was the Russians they'd have set up a decryption system that won't get disconnected in 5 minutes after it becoming public to milk all possible cash out of it.
Re:Russians (Score:4, Insightful)
Who has most to gain from Russia being blamed for something petty with no gains in it for them whatsoever?
No one really. No one really gains from Russia being blamed if it wasn't Russia. There is no reason to frame Russia.
I mean, what is the motive?
Oh, you mean, like, besides destabilising the country they are trying to stealthily reclaim, that they've already illegally stolen territory from.
Re: (Score:2)
To frame someone is the core business of the CIA.
Re: (Score:2)
The CIA are more than capable of getting their hands dirty, wouldn't make any sense for them to attack a country they're hoping to stay independent just to make someone else randomly look bad.
Re: (Score:2, Informative)
You understand the concept of Occam's Razor, right?
Which explanation is more parsimonious?
1. Russia waged a damaging cyberattack on Ukraine, a country it is already effectively at war with and which it has already annexed territory from.
2. The CIA waged a cyberattack on Ukraine, a country the United States is friendly, even allied with, causing Ukraine businesses considerable damage, to make the Russians look bad.
I want you to tell me which explanation is the more parsimonious.
Re: Russians (Score:2)
Re: (Score:2)
That didn't answer my question
Re: (Score:1)
I'm not asking for a plausible motive, I'm asking you which of the two claims is the most parsimonious. Your theory still smells of special pleading, whereas simply saying "The Russians, who already are essentially waging war with Ukraine, have launched another kind of attack."
Why is it so fucking hard to imagine a belligerent in a conflict would use a cyberattack as part of an overall strategy to undermine their opponent? It's far more straightforward and likely that various versions of "The US attacked a
Re: (Score:1)
Re: Russians (Score:1)
Re: (Score:2)
> No one really gains from Russia being blamed if it wasn't Russia.
This is incorrect. The US is attempting to pick a fight with Russia, and this is another pinprick. Why we are trying to pick this fight I do not know.
Re:Russians (Score:5, Insightful)
You are aware, I trust, that Ukraine and Russia are effectively at war, right? Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine? Maybe Russia didn't give a flying fuck whether anyone could eventually decrypt the data or not, if the point is just to cause damage. It's like asking "Why didn't they send in the Army Corp of Engineers to rebuild the bridge they just bombed to oblivion?" answer being, they just wanted to bomb the bridge to oblivion.
Re: (Score:2, Troll)
You are aware, I trust, that Ukraine and Russia are effectively at war, right?
So why expend your limited resource on forcing a couple of Ukrainian grocery shops to re-image their cash register computers?
Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine?
Because I know from first hand experience government lies all the fucking time.
Re: (Score:1)
As anyone with a brain knows, 60% of all Ukrainian businesses includes a lot more than a few "grocery shops" having trouble with their "cash register computers", you Russian troll.
Re: (Score:1)
Why hurt the Ukrainian economy when one of your primary goals for the past several years has been to hurt the Ukrainian economy?
You're right, I can't figure that one out.
I also can't figure out why a country that has waged one cyberattack after the next against Ukraine, basically using it as a cyberwarfare testing ground, would... launch yet another cyberattack against Ukraine.
Also, I
Re: (Score:3)
Cyberwarfare isn't conventional warfare. It's not like you can run out of electrons. Russia has a group of hackers, and writing malware is a part of their job. When you think about how much it costs to keep the rebels armed and maintain an ununiformed Russia force in rebel areas of Ukraine, a cyberattack is so much bloody cheaper.
As to your explanation for your bizarre conspiracy theory, that really doesn't answer the question at all. You've come up with a very convoluted conspiracy whose only defense seems
Re: (Score:2)
Meant to say:
"Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor *EVEN LESS*."
Re: (Score:2)
Cyberwarfare isn't conventional warfare. It's not like you can run out of electrons. Russia has a group of hackers, and writing malware is a part of their job. When you think about how much it costs to keep the rebels armed and maintain an ununiformed Russia force in rebel areas of Ukraine, a cyberattack is so much bloody cheaper.
As to your explanation for your bizarre conspiracy theory, that really doesn't answer the question at all. You've come up with a very convoluted conspiracy whose only defense seems to be "I don't trust the three letter agencies." Well, I don't trust them either, but I trust conspiracy theories that fail Occam's Razor.
Russia has everything to gain by destabilizing Ukraine, whether that be militarily, or via fucking up their computers. Welcome to the face of modern warfare.
"my bizarre conspiracy theory"
Just look at whose weapons are being used in these attacks
"NotPetya ransomware also uses two NSA exploits leaked by the Shadow Brokers in April 2017. These are ETERNALBLUE (also used by WannaCry) and ETERNALROMANCE."
Re: Russians (Score:2)
Re: (Score:2)
You are aware, I trust, that Ukraine and Russia are effectively at war, right?
So why expend your limited resource on forcing a couple of Ukrainian grocery shops to re-image their cash register computers?
Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine?
Because I know from first hand experience government lies all the fucking time.
The only government lying about Russia's stance toward the Ukraine is Russia. Many independent commentators yesterday were suggesting that it appears to be a disruption campaign disguised as ransomware.
Re: (Score:2, Interesting)
point is just to cause damage
Not the only point. Days before this outbreak, I happened to read articles, plain stating, that Ukraine is a country turned by Russia into test battlefield of cyberwar (and other kinds of modern war, as per their definition, BTW). Which was proved once again. Russia flexes its muscles both in operation, in damage, and in getting away with it. The same pattern of pushing the limits where they did their dirty act, yet remain difficult to name and be punished - it repeats all over. This pattern is by now well
Re: (Score:1)
Civil war does NOT start with masqueraded foreign troops taking institutions in targeted areas, being set up for fight. I remember very well how after annexation of Crimea people in Eastern Ukraine were urged DAVAI DAVAI, WHAT ARE YOU WAITING FOR?! Then slowly posts on roads were established first of all, and further groups of people speaking St.Peterburg tongue of russian helped taking control over local institutions, with "tourists on vacations" from Russia being leaders of organizing "alternate local gov
Re: (Score:2)
Dude, the russians messed with the election because PUTIN DISLIKES HILARY.
They're the epitome of petty...
Re: (Score:2)
Re: (Score:2)
Likely, but the question is _which_ Russians. Do not forget that this may well be counted as "terrorism" by some metrics and states are understandably reluctant to be labelled as supporting that. My guess would be some misguided Russian "patriots" did this and the only support from Putin they have is that the Russian government will not try very hard to find them.
Re: (Score:1)
Yep, as we know by now, there are enough of "misguided Russian patriots", spending their vacations by participating in very reasonably coordinated warfare against Ukraine, that itself chose distancing.
Re: (Score:2)
If you count this one as "coordinated warfare", then you are out of your mind.
Re: (Score:1)
What do you say? :-) Having primary channel of distribution being chosen with quite a sophistication, effective and country-targeted, please show some respect to the buddies over there. Didn't it work well, after all? Dirty deeds, but done well.
Re: (Score:2)
As a child I read a story. There was a young boy tending sheep. He loved to watch the people drop everything and scurry out to protect him and the sheep when he yelled "Wolf!". It was great fun until one day he saw the wolf, cried "WOLF!", and no one came so the wolf ate him.
Shouting "RUSSIA ATTACKS!" is a valid strategy to undermine the current US republican-dominated government and Trump specifically. The people doing this need to understand that there can be expensive and painful consequences if it turns o
How... (Score:1)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Are you really so arrogant that you think that the Americans who work for the NSA are the only ones in the world who know how to write malicious code?
Not at all. But everything I've read states that it was derived from the code that the Shadow Brokers released.
The Growing Cyber War (Score:5, Interesting)
I suspect that Russia's growing use of "cyber war" tactics against its enemies will eventually backfire in the political arena. They really can't expect that governments, both friend and foe, will not start to lean on them in a more forceful way. I think an all-out "cyber war" between a growing number of countries would be very very very bad for everyone.
Re: (Score:3)
When then president Obama was informed Russia was doing whatever it could to damage or help defeat Hillary Clinton and get Trump elected, he approved covert measures to plant cyber bombs into Russia's infrastructure [washingtonpost.com]. They would be used if the U.S. and Russia escalated the attacks on one another.
They were still in the planning stages when Obama left office, but enough was done that the incoming president could follow up and use them, if necessary. Which was never done. After the changing of administrations
Re: (Score:2)
After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.
why not both?
Re: (Score:2)
After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.
Or he said he did, with the same intentions but not the cost. I think it's more likely those plans are perhaps de-emphasized, but not completely abandoned. I don't think his Not Invented Here syndrome runs that deep.
Re:The Growing Cyber War (Score:5, Interesting)
The Obama Administration alluded to consequences at the time. A good many anti-Obama and pro-Russia types (there seem an unusual amount of both on here) seem to forget that everyone knew for months BEFORE the election that the Russians were trying to screw over the US election, and since then we've seen them do it in other Western countries.
I simply do not understand the willingness of some to condemn the United States and act like cheerleaders for Russia. Russia has been the West's enemy for decades, and even during the brief periods of reasonably good relations over the last few centuries, neither side has ever particularly trusted the other.
Pot meet kettle (Score:1)
CIA and America have been influencing other countries elections since, almost forever.
But yep it's the Russians (and the Chinese, those damn "Commies")...
Re: (Score:3)
That is why I do not think this actually is anything done officially or with official sanctioning. Putin (very much unlike Trump) is not stupid at all and does understand this game very well, because he is a long-time high-level player. His morals may be questionable, but not his smarts.
My take is that this is some Russian "patriots" and that the only thing they will get from Putin is that the Russian authorities will not try very hard to find these criminals. That is as long as they make very sure to not t
Do you editors even read your own stories?! (Score:1)
The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all.
Slashdot yesterday [slashdot.org]
The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files.
So that would take care of both point 2 and point 3
Or are you guys just interested in perpetuating propaganda now? (Yeah I know.. silly rhetorical question...)
Re: Do you editors even read your own stories?! (Score:3, Insightful)
That's one way of looking at it; this is another:
We all saw it coming, didn't we? (Score:2, Insightful)
Re: (Score:2)
There are historically a lot of loud-mouths and incompetents in the IT security space. This has unfortunately not changed.
Re: (Score:2)
and sometimes not even making sense
As a matter of interest, what part of this doesn't make sense?
Re: (Score:2)
IF you're smart enough to run it, you're smart enough to have redundant communication.
Extremely thin "evidence" (Score:1)
1. Considering (as far as I know) one of the main propagation methods for Petya was through a compromised accounting software mostly used in Ukraine, it's not surprising that Ukraine was the most affected.
2. The fact that very few people paid the ransom is completely irrelevant.
3. I'm pretty sure most of these ransomware are made by teenagers and amateurs. Buggy malware is very common.
So the question is, who are those "researchers" and what evidence do they have? More importantly, are those "researchers" poli
Re: (Score:3, Insightful)
Because Russia would never try to screw around with the computers of a country that it has a) effectively invaded and b) already annexed a piece of its territory. Oh no, to suggest that is somehow to betray "political motivation."
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
As for Crimea, it was the people who were living in Crimea
Crimeans didn't decide anything. In spite of overwhelming Russian propaganda, po [ibtimes.com]
Re:Extremely thin "evidence" (Score:4)
You are really stupid or really shilly. So let's pretend the Russians never entered eastern Ukraine and shot down a commercial airline and bragged about it. They still invaded Crimea and even annexed it.
Or maybe it's just badly written (Score:2)
This sounds more like a skiddie modifying the source without understanding it and screwing up than a targeted attack. The code only damages the MFT, which is annoying but most of the time reversible. A nation state level attacker would've been much more thorough.
vaccine (Score:5, Insightful)
Content doesn't matter but "Read-only" status does.
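An added example, not part of the original comment or thread: the vaccination described here (three files named perfc, perfc.dat and perfc.dll in C:\Windows, each marked read-only) written as an idempotent PowerShell function that reports the resulting state of every file. The function name Set-PerfcVaccine and its -Directory and -Names parameters are hypothetical names introduced for this example; the default folder assumes $env:SystemRoot resolves to C:\Windows.

```powershell
# Added example (not from the thread). Set-PerfcVaccine, -Directory and -Names
# are hypothetical names; the file names and the read-only requirement come
# from the thread. Writing to C:\Windows requires an elevated session.
function Set-PerfcVaccine {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Assumption: SystemRoot is C:\Windows. Point this at a scratch folder to rehearse.
        [string]$Directory = $env:SystemRoot,
        [string[]]$Names = @('perfc', 'perfc.dat', 'perfc.dll')
    )

    foreach ($name in $Names) {
        $path   = Join-Path -Path $Directory -ChildPath $name
        $action = 'unchanged'

        if (Test-Path -LiteralPath $path -PathType Container) {
            # A folder with this name is not the read-only file the thread describes.
            $action = 'skipped (a directory has this name)'
        }
        else {
            # Create the file only if it is missing: per the thread, content does not matter,
            # so an existing file is never overwritten.
            if (-not (Test-Path -LiteralPath $path)) {
                if ($PSCmdlet.ShouldProcess($path, 'Create empty file')) {
                    New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
                    $action = 'created'
                }
            }

            # The read-only attribute is the part the thread says matters.
            $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($item -and -not $item.IsReadOnly) {
                if ($PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
                    $item.IsReadOnly = $true
                    if ($action -eq 'unchanged') { $action = 'made read-only' }
                }
            }
        }

        # Re-read from disk so the report reflects the real end state, not the intent.
        $final = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path     = $path
            Exists   = [bool]$final
            ReadOnly = [bool]($final -and -not $final.PSIsContainer -and $final.IsReadOnly)
            Action   = $action
        }
    }
}

# Preview without touching the disk, then apply and list anything not in the expected state:
#   Set-PerfcVaccine -WhatIf
#   Set-PerfcVaccine | Where-Object { -not ($_.Exists -and $_.ReadOnly) }
```

Running it a second time should report every file as unchanged with ReadOnly set to True; any other row means the attribute was cleared or the file was replaced since the last run.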
Re: (Score:3)
Re: (Score:2)
In cases where the SMB exploit fails, Petya tries to spread using PsExec under local user accounts. (PsExec is a command-line tool that allows users to run processes on remote systems.) It also runs a modified mimikatz LSAdump tool that finds all available user credentials in memory.
It attempts to run the Windows Management Instrumentation Command-line (WMIC) to deploy and execute the payload on each known host with relevant credentials. (WMIC is a scripting interface that simplifies the us
Re:vaccine (Score:5, Funny)
you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.
I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!
Re: (Score:1)
you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.
I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!
You need to install Linux first.
Re: (Score:2)
That's a poor excuse. Don't let the fact that you have to run software that isn't available on other platforms stop you from using this malware. You can always run Petya in a Windows VM and share the folders back to your mac machine. You too could have the full experience.
Re: (Score:2)
you can vaccinate against NotPetya by creating and adding 3 write-protected files to your C:\Windows folder: perfc, perfc.dat, and perfc.dll.
I'm royally screwed, then. Not only does my Mac not have that folder - it won't even let me create a C: drive!
Typical Mac user. Sheesh. Any semi-competent Linux user would tell you to install Wine (or buy Cider) first. At least us Linux users do not expect our hands to be held all the time. ;)
Re: (Score:2)
Typical Mac user. Sheesh. Any semi-competent Linux user would tell you to install Wine (or buy Cider) first. At least us Linux users do not expect our hands to be held all the time. ;)
Hey, good point. But I couldn't get it to run in a Crossover Wine bottle either, though. However I have filed a bug report with Codeweavers, and I've up-voted Petya as well... so hopefully soon I can join the fun!
Sigh another Russia poke by people with no clue (Score:1)
The reason the individuals behind the attack didn't make money and all those customers are hosed is because the email address was blocked by the email provider. That was confirmed yesterday. The rest is speculation and hyperbole by idiots without a clue.
Basically this is what happened: some idiot got their hands on some code, thought he was going to get rich and got immediately blocked by taking out his communication. The "attack" was poor because the criminals are idiots.
Re:Sigh another Russia poke by people with no clue (Score:5, Insightful)
How was the attack poor? Sure, they didn't make any money, but they fucked up a lot of Ukraine businesses. Mission accomplished, I'd say.
Re: (Score:2)
They didn't get paid, the entire premise of the ransomware failed because they chose an e-mail provider that decided they wouldn't support them. The goal wasn't to fuck anything up, it was to ransom the data and hope a portion of their "victims" didn't have a good backup plan and paid up.
The businesses technically fucked themselves by a series of bad decisions, first of all, not having backups, not having a competent IT person, running (unpatched) Windows on public systems and/or blindly installing some sof
Ransomware Short-Circuited (Score:2)
Re: (Score:1)
Re: (Score:1)
Random malware get how many stories now? (Score:2)
No security service or nation would allow their own side, nation, interests to be at any risk from random malware.
Malware that's in the wild doing stuff to a lot of nations is not a national cyber event.
It's just malware and a slow news day.
Read up on how nations really consider and use their cyber assets. Nations take care to ensure the system, user or server is the only thing that's accessed.
Let's do some reading
The Inside Story of How
Another version (Score:1)
vulnerability in MEDoc the Ukrainian tax software (Score:2)
http://www.bbc.com/news/techno... [bbc.com]
The tax software's update mechanism got compromised.
Mikko Hypponen, a security expert at F-Secure, is saying - "If you do business in Ukraine, the software (MEDoc) appears to be de facto,"
Microsoft is saying : "Active infections of the ransomware initially started from the legitimate MEDoc update process,"
Not sure (Score:2)
But in general I think Russia's flagrant hacking is really going to come back to bite them. I believe the US is much better at this than Russia. And even if you disagree with that, I don't think any reasonable person would disagree that the US plus its major allies (ie Canada, UK, Germany, etc) are vastly better at this.
I think the only argument you could make is, well they're already attacking Russia and now
Detracts from DoJ investigation into Kaspersky (Score:2)
Did anyone read more? You *can't* pay. (Score:2)
As I read on Krebs' site, the stupid malware, unlike other malware that generates a unique email to arrange payment, used one, and only one email address. On finding this, the German ISP that the email was on blocked the email.
The result was that if you *wanted* to pay, you couldn't contact the scum to do so.
No, it was some wannabee idiot(s) who put it out there. And I'm still expecting them in court really soon... or "killed resisting arrest", since it sure seemed like Rosneft (that's the Russian mostly st
Re:Ready Set Go (Score:5, Interesting)
It doesn't always "have to be Putin" but there is a reason why it frequently is Russia.
1) They have the resources. No country has a better human resource for hacking than Russia. They have a large highly trained tech-savvy population. They've put more effort into teaching people to be computer literate than almost anywhere else. They also have a wild-west type law enforcement that overlooks a lot of hacking and allows people to hone their skills that way.
2) They have a motive. Russia is semi-openly hostile to most countries that lie to its West. They have a policy of constantly testing our defenses. They frequently fly planes into other countries' airspace to see how quickly they will react, the cyber warfare is more of the same testing. They're seeing how we will react.
3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire. Furthermore, his background is in espionage. Being sneaky is in his blood.
Re: (Score:1)
highly trained tech-savvy population
I recall how it all started. Westerners had money, credit cards, and software, that was protected from being stolen.
Post-soviet kids didn't, so they had works to do. I was reading those cracker magazines, they have been very educational.
Re: (Score:2)
3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire.
Fun exercise: Replace Putin with Trump and Russia with USA.
Re: (Score:3)
3) They have a leader who doesn't give a damn what other countries think of them. Putin wants what is best for Russia and doesn't care if that makes people in other countries not like him. He doesn't want to be known as clean or honourable- he just wants to restore the empire.
Fun exercise:
Replace Putin with Trump and Russia with USA.
For point 3, I in no way disagree with you. There is a reason those two men admire each other.
Re: (Score:2)
Russia is semi-openly hostile
That's a very nice way of putting a relationship which has in recent history resulted in one country taking a section of the other country by force.
Re: (Score:2)
Putin wants what is best for Putin
FTFY.
Re:Ready Set Go (Score:5, Insightful)
Yeah, what part of him de facto annexing parts of half a dozen neighboring countries and de jure annexing part of Ukraine would give one the impression that he wants to restore the empire? What part of Putin lamenting the fall of the Soviet Union would give one that impression?
Re: (Score:3, Informative)
Re: (Score:1)
Care to name half a dozen neighboring countries parts of which Putin annexed de facto or otherwise?
I could name three: Georgia (twice), Ukraine and Moldova, not sure what the last three might be.
Re:Ready Set Go (Score:4, Insightful)
Even Moldova would be wrong - that particular civil war happened when Putin was just an aide for a local politician.
Re: (Score:3)
Yes, we already know that you hate Russia. You have been writing about that "for fucking years, absolutely years".
And yes, Putin was absolutely right that the breakup of the USSR was a disaster - it sent millions of people into poverty, lowered their average life expectation by a decade, revoked many of their rights and freedoms and directly killed tens of thousands in the ensuing ethnic conflicts.
A slower and more peaceful transformation would have been far more preferable for everyone and all of this is j
Re: (Score:2)
Re: (Score:2)
And Taiwan is not a separate country from the People's Republic, but that doesn't make either of them exactly so.
Re: (Score:1)
I thought you were talking about post-soviet Russia
Re: (Score:2)
https://en.wikipedia.org/wiki/... [wikipedia.org]
As you can see there were no Chechnya among them. Chechnya was a part of the Russian republic state. In the end of 1991, all 15 re
Re: (Score:2, Informative)
Maybe because he's said that himself many times, especially when campaigning for election.
Re: (Score:1)
He has. Frequently.
As an aside he's got Joseph Stalin's library in his office and uses it to impress/scare visitors. When he wants to see what Stalin thought of something he reads the copious notes in the margins of those texts.