Update on Latest Ransomware Outbreak

Or was it?  Tuesday, I reported on what was considered to be a new, global, ransomware outbreak that was underway in Europe.  Some major international corporations were already reporting they had been hit and that this was worse than the recent WannaCry outbreak.

Now, two days later, as security researchers, government and law enforcement agencies have been able to review the malicious code and the impacts of the attack, a new working theory has developed.

This may not have been ransomware at all.  It did act like ransomware, in that it purported to encrypt the data on infected computers and demanded a ransom paid in Bitcoin.  However, unlike previous ransomware infections, very little money changed hands.  Some reports say only $10,000.00.  Other reports suggest that no one ever received a decryption key, and that because this infection destroyed a computer's master boot record and then rebooted it, leaving the computer unable to boot, there is no possible recovery.

Another interesting fact about this outbreak is that up to 75% of the infections, by some reports, were in the Ukraine.  Further analysis is showing that of the organizations reporting infection outside of Ukraine, all had subsidiaries or business dealings within Ukraine and those were the source of their infection.

This was originally thought to be the Petya ransomware, which is not new.  Some are now referring to this as NotPetya or Nyetya, to say it really was not Petya at all.  The most serious concerns center on this outbreak having been a distraction for a more ominous purpose.  Most theories are suggesting that this outbreak was exactly that: a distraction that allowed the attackers to implant as yet undiscovered malware, now lying dormant and waiting to be triggered in the future, with potentially devastating impact.  This same theory suggests the real target is the computer infrastructure of the Ukraine, and that the impact seen on the financial, transportation and critical infrastructure networks, including the monitoring systems at the Chernobyl nuclear site, was a test to probe the Ukraine’s cyber defenses.

If this proves true, this is a frightening development in the rapidly evolving cyber warfare capabilities of nation states around the world.  There have been recent reports of other nation states having possibly implanted cyber weapons into adversaries’ critical networks, with the intent of executing the malicious code should events warrant.

We may be witnessing the 21st century’s newest arms race, and the implications are more serious than most may realize.  I am sure that more detail will come to light in coming days and weeks.  I am also sure that we will never know the full story of this latest event.