2017-06-28
The Petya Ransomware Is Starting To Look Like a Cyberattack in Disguise (theverge.com)
Further research and investigation into Petya ransomware -- which has affected computers in over 60 countries -- suggest three interesting things:
1. Ukraine was the epicentre of the attack. According to Kaspersky, 60 percent of all machines infected were located within Ukraine.
2. The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all.
3. Petya was either "incredibly buggy, or irreversibly destructive on purpose."
An anonymous reader shares a report: Because the virus has proven unusually destructive in Ukraine, a number of researchers have come to suspect more sinister motives at work. Peeling apart the program's decryption failure in a post today, Comae's Matthieu Suiche concluded a nation state attack was the only plausible explanation. "Pretending to be a ransomware while being in fact a nation state attack," Suiche wrote, "is in our opinion a very subtle way from the attacker to control the narrative of the attack." Another prominent infosec figure put it more bluntly: "There's no fucking way this was criminals." There's already mounting evidence that Petya's focus on Ukraine was deliberate. The Petya virus is very good at moving within networks, but initial attacks were limited to just a few specific infections, all of which seem to have been targeted at Ukraine. The highest-profile one was a Ukrainian accounting program called MeDoc, which sent out a suspicious software update Tuesday morning that many researchers blame for the initial Petya infections. Attackers also planted malware on the homepage of a prominent Ukraine-based news outlet, according to one researcher at Kaspersky.
So the Russians did it?
They would be the logical assumption. No one gains more by destabilising Ukraine.
Moreover, Russia has been engaging in a sustained cyber-warfare campaign in Ukraine, up to and including taking down the power grid and hacking cells of military personnel to gain information on troop positions. Making it look like ransomware was probably more an afterthought in hopes that paranoid firewall admins worldwide would block Ukrainian IP addresses... they really don't care that it eventually gets attributed to them.
I rolled my eyes this morning when I heard the company of origin was in the Ukraine
So the Russians did it?
Who has most to gain from Russia being blamed for something petty with no gains in it for them whatsoever? I mean, what is the motive? All that is gonna cause is systems being hardened and exploitable resource being exhausted.
Besides, if it was the Russians they'd have set up a decryption system that won't get disconnected 5 minutes after it becomes public, to milk all possible cash out of it.
Re:Russians (Score:5, Insightful)
Who has most to gain from Russia being blamed for something petty with no gains in it for them whatsoever?
No one really. No one really gains from Russia being blamed if it wasn't Russia. There is no reason to frame Russia.
I mean, what is the motive?
Oh, you mean, like, besides destabilising the country they are trying to stealthily reclaim, that they've already illegally stolen territory from.
To frame someone is the core business of the CIA.
The CIA are more than capable of getting their hands dirty, wouldn't make any sense for them to attack a country they're hoping to stay independent just to make someone else randomly look bad.
Re:Russians (Score:5, Insightful)
You are aware, I trust, that Ukraine and Russia are effectively at war, right? Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine? Maybe Russia didn't give a flying fuck whether anyone could eventually decrypt the data or not, if the point is just to cause damage. It's like asking "Why didn't they send in the Army Corps of Engineers to rebuild the bridge they just bombed to oblivion?" answer being, they just wanted to bomb the bridge to oblivion.
You are aware, I trust, that Ukraine and Russia are effectively at war, right?
So why expend your limited resource on forcing a couple of Ukrainian grocery shops to re-image their cash register computers?
Why this need for convoluted conspiracy theories when the most parsimonious explanation is that Russia waged a cyberattack on Ukraine?
Because I know from first hand experience government lies all the fucking time.
It doesn't always "have to be Putin" but there is a reason why it frequently is Russia.
1) They have the resources. No country has a better human resource for hacking than Russia. They have a large highly trained tech-savvy population. They've put more effort into teaching people to be computer literate than almost anywhere else. They also have a wild-west type law enforcement that overlooks a lot of hacking and allows people to hone their skills that way.
2) They have a motive. Russia is semi-openly hostile
Are you really so arrogant that you think that the Americans who work for the NSA are the only ones in the world who know how to write malicious code?
Not at all. But everything I've read states that it was derived from the code that the Shadow Brokers released.
The Growing Cyber War (Score:3)
I suspect that Russia's growing use of "cyber war" tactics against its enemies will eventually backfire in the political arena. They really can't expect that governments, both friend and foe, will not start to lean on them in a more forceful way. I think an all-out "cyber war" between a growing number of countries would be very very very bad for everyone.
When then president Obama was informed Russia was doing whatever it could to damage or help defeat Hillary Clinton and get Trump elected, he approved covert measures to plant cyber bombs into Russia's infrastructure [washingtonpost.com]. They would be used if the U.S. and Russia escalated the attacks on one another.
They were still in the planning stages when Obama left office, but enough was done that the incoming president could follow up and use them, if necessary. Which was never done. After the changing of administrations, the new president promptly shelved these plans. As a goodwill gesture towards Russia, or possibly a way of saying thanks for the help.
why not both?
The attackers behind the attack have made little money -- around $10,000. Which leads to speculation that perhaps money wasn't a motive at all.
Slashdot yesterday [slashdot.org]
The ransom note demands victims send bitcoin to a predefined address and contact the hacker via email to allegedly have their files decrypted. But the email company the hacker happened to use, Posteo, says it has decided to block the attacker's account, leaving victims with no obvious way to unlock their files.
So that would take care of both point 2 and point 3
Or are you guys just interested in perpetuating propaganda now? (Yeah I know.. silly rhetorical question...)
We all saw it coming, didn't we? (Score:3)
Extremely thin "evidence" (Score:1)
1. Considering (as far as I know) one of the main propagation methods for Petya was through compromised accounting software mostly used in Ukraine, it's not surprising that Ukraine was the most affected.
2. The fact that very few people paid the ransom is completely irrelevant.
3. I'm pretty sure most of these ransomware are made by teenagers and amateurs. Buggy malware is very common.
So the question is, who are those "researchers" and what evidence do they have? More importantly, are those "researchers" political
Or maybe it's just badly written (Score:2)
This sounds more like a skiddie modifying the source without understanding it and screwing up than a targeted attack. The code only damages the MFT, which is annoying but most of the time reversible. A nation state level attacker would've been much more thorough.
vaccine (Score:4, Insightful)
Content doesn't matter but "Read-only" status does.
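The "vaccine" the comment above alludes to is a marker file whose mere presence stops the malware from running, with its read-only flag keeping it from being overwritten. The following helper is an added example, not code from the thread or from any vendor tooling; the comment does not name the file, so VACCINE_FILE_NAME is a placeholder, and the check is run in a scratch directory rather than the system directory.

```python
import os
import stat
import tempfile

# Placeholder: the thread does not name the file the vaccine relied on,
# so a hypothetical name stands in for it here.
VACCINE_FILE_NAME = "VACCINE_FILE_PLACEHOLDER"


def create_vaccine_file(directory: str, name: str = VACCINE_FILE_NAME) -> str:
    """Create an empty marker file and strip its write bits.

    The content is irrelevant (the file is left empty); what matters is
    that it exists and an ordinary write cannot replace it.
    """
    path = os.path.join(directory, name)
    if not os.path.exists(path):
        with open(path, "wb"):
            pass
    # On Windows, os.chmod only toggles the read-only attribute; S_IREAD
    # without S_IWRITE sets it. On POSIX this yields mode 0400.
    os.chmod(path, stat.S_IREAD)
    return path


def is_vaccine_in_place(path: str) -> bool:
    """Return True only if the marker exists, is a regular file, and is read-only."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False
    if not stat.S_ISREG(st.st_mode):
        return False
    return not (st.st_mode & stat.S_IWRITE)


def vaccine_report(path: str) -> dict:
    """Summarise the state of the marker for a quick audit."""
    exists = os.path.exists(path)
    return {
        "path": path,
        "exists": exists,
        "read_only": is_vaccine_in_place(path),
        "size": os.path.getsize(path) if exists else None,
    }


def self_check() -> dict:
    """Exercise the helpers in a scratch directory and return the findings.

    Covers the three cases an auditor cares about: a correct marker, a
    missing marker, and a marker that exists but is still writable.
    """
    with tempfile.TemporaryDirectory() as tmp:
        marker = create_vaccine_file(tmp)
        writable = os.path.join(tmp, "writable.tmp")
        with open(writable, "wb"):
            pass
        os.chmod(writable, stat.S_IREAD | stat.S_IWRITE)
        result = {
            "marker_ok": is_vaccine_in_place(marker),
            "marker_size": vaccine_report(marker)["size"],
            "missing_ok": is_vaccine_in_place(os.path.join(tmp, "missing")),
            "writable_ok": is_vaccine_in_place(writable),
        }
        # Restore the write bit so the scratch directory can be removed cleanly.
        os.chmod(marker, stat.S_IREAD | stat.S_IWRITE)
        return result


if __name__ == "__main__":
    print(self_check())
```

Note that the read-only attribute only blocks plain file writes; it is a speed bump against the specific existence check, not a substitute for patching and network segmentation.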
Re: (Score:2)
Sigh another Russia poke by people with no clue (Score:2)
The reason the individuals behind the attack didn't make money and all those customers are hosed is because the email address was blocked by the email provider. That was confirmed yesterday. The rest is speculation and hyperbole by idiots without a clue.
Basically this is what happened: some idiot got their hands on some code, thought he was going to get rich and got immediately blocked by taking out his communication. The "attack" was poor because the criminals are idiots.