August 1, 2017
In the wake of WannaCry, another widespread ransomware attack has struck computers throughout Ukraine and elsewhere. However, ransomware may not be the right term for this attack. According to Cisco Talos and other data security outfits, the virus named NotPetya is not about ransom at all. It is about chaos and disruption, though it operates much like a traditional ransomware attack.
Two separate reports from Comae Technologies and Kaspersky Lab conclude that there are clues in the source code that indicate infected parties will never be able to reclaim their data. Cisco Talos has since confirmed these conclusions.
Economics or Destruction as Motivation
In a standard ransomware attack, the goal is to extort money from the victim in exchange for the return of their data. The virus encrypts data on the infected computer and instructs the victim to send funds, usually in the form of Bitcoin or another cryptocurrency, in exchange for a code to decrypt the files. While it does not happen in every instance, oftentimes the code is delivered as promised and the victim can go on with their life. Truly, it is important for the authors of these viruses to make good on the deal, because they need future victims to believe that paying money will actually solve the problem. Otherwise, anyone hit by a ransomware virus will simply throw up their hands and move on. The goal is money, and that requires the victim to trust the attacker to an extent.
In NotPetya, the situation is different. The two initial reports confirmed by Cisco Talos found that the encryption routine was faulty. Normally, ransomware viruses use a command and control server to distribute attacks. Those that don’t instead generate an infection ID to house information about the infected target as well as the decryption key. NotPetya generates this information arbitrarily, meaning the decryption key is not a decryption key at all. It’s just an arbitrary and useless code.
NotPetya vs Petya
Ransomware viruses tend to have bizarre names, such as WannaCry, and NotPetya is no exception. There is, however, a reason for the name. NotPetya actually resembles another ransomware virus known simply as Petya. The new virus gained the name because it masquerades as Petya, when in fact there are some key differences. Most notably, data can be recovered after a Petya attack.
Cisco Talos Report
Cisco Talos is the world’s largest repository of cyber security data. It monitors Cisco systems around the globe and compiles security data on the types of attacks that strike the network. By understanding how the attack succeeded, Cisco can then implement patches, updates, or products to counteract hacking attempts. Staffed around the clock, Cisco Talos serves as an excellent authority on all things cyber security.
When such an attack occurs, Talos releases a detailed report on the virus explaining how it works and any other information they may have gathered. Just such a report is now available on the Talos website. For a thorough explanation of NotPetya, you can read the full report here.
What Does It all Mean?
The internet can be a dangerous place, and there are people on the opposite side of the cyber security industry who may not have clear motives. The author of NotPetya is clearly not motivated by money in the traditional sense. The attack was designed to create chaos, and it succeeded at that. Small business owners and often individuals can be led to believe that they will not be targeted by cyber attacks because they have nothing of value worth stealing. This isn’t true. There are hackers out there who do not want money. They want mischief, and businesses must prepare accordingly.