Ukraine has claimed Russia was behind the NotPetya cyberattack that caused havoc around the world, with Ukraine itself apparently the hardest hit. Ukraine’s national bank, public transport hubs and supermarkets were targeted; sixty other countries also reported attacks.
During the outbreak, security researchers claimed to have evidence that computers belonging to a Ukrainian accounting software firm, Intellect Service, had been breached.
During the outbreak, security researchers claimed to have evidence that computers belonging to a Ukrainian accounting software firm, Intellect Service, had been breached.
NotPetya was then pushed out to businesses via updates to the firm’s MeDoc program, the researchers alleged. Intellect Service has continued to deny this, but Ukraine’s national cybercrime force has said it is under investigation and will face charges.
The Ukrainian authorities have also said they have proof that the real force behind NotPetya was a foreign state, Russia – an accusation Moscow has denied.
Although NotPetya appears to be ransomware, designed to encrypt hard disc data and demand a $300 payment in Bitcoin, some security experts now believe it was unleashed more to cause disruption than to make money. Analysis reveals that significantly fewer payments were sent to the NotPetya’s Bitcoin wallet than to WannaCry during the first 24 hours of each outbreak.
“… pretending to be a ransomware while being in fact a nation state attack… is in our opinion a very subtle way from the attacker to control the narrative of the attack,” wrote Matt Suiche at cybersecurity firm Comae in a blog post last week.
If NotPetya was indeed malware created by a nation state, then that might open the door to retaliation by Ukraine, according to a NATO legal researcher. Tomáš Minárik said in a press statement that because the cyberattack affected government systems, it might be viewed as a violation of sovereignty.
But not everyone is convinced by the theory that NotPetya was malware deliberately disguised as ransomware. Instead, it may simply have been poorly implemented ransomware, suggested security researcher Robert Graham. “Infamy,” he wrote, “doesn’t mean skill.”
0 comments:
Drop your comments here!