Many reports have used the word “massive” for the ransomware cyber attacks that are hitting all across Europe, Ukraine, Russia, and Scandinavia.
By many reports, Ukraine is being hit the hardest. The Ministry of Internal Affairs and the National Police sites are down; hospitals, all sorts of banks, power companies, businesses, and other infrastructure cyber outlets are offline.
Reports from all over the world, including Russia, the UK, France, Romania, and Denmark, are a reminder that the online world is vulnerable.
Such giants as advertising firm WPP, Rosneft, and Maersk are among the currently reported high-profile victims.
Reliable sources are stating this is nothing new; it’s based on the stolen NSA tool EternalBlue. Here’s a way of getting at the key: https://github.com/leo-stone/hack-petya
The vector is SMB, just like WannaCry… so unless someone is dropping an exploit into the worm, it’s Groundhog Day…
Why is this attack being launched so soon after WannaCry? According to Andrei Barysevich, a spokesman for security firm Recorded Future:
“A South Korean hosting firm just paid $1m to get their data back and that’s a huge incentive,” he said. “It’s the biggest incentive you could offer to a cyber-criminal.”
It boils down, now, to who is responsible? My suspicions are with a criminal group in Russia, primarily because of the seemingly focused targeting on Ukraine, but there is no telling who may be directing them. The reason I say so lies in the fact that the global attacks might be a smokescreen, an obfuscation for a focused attack on Ukraine. Kiev Airport is affected, the National Police, the Ministry of Internal Affairs, and others, which sounds like a heck of a lot more damage than any other country. Look at the FSB, I say.
Others may be pointing in the same direction.
- Ukraine is a test bed for global cyberattacks that will target major infrastructure
- Large-scale cyberattack is spreading through Russia and Ukraine
The reason I am not committed to this theory, however, lies in the number of Russian targets also hit.
Affected organisations included the Rosneft oil major and its recently acquired subsidiary Bashneft, metals major Evraz, as well as Russian divisions of Mars, Nivea, TESA, and a number of banks, altogether over 80 entities, according to the Russian business daily Vedomosti.
I also note a distinct lack of reporting on targets in the US and the rest of the world. One wonders how the attacks are focused only on “the West”?
Cyber forensics is still not sophisticated enough to track this attack back to its source, not in real time. It may take days, weeks, or months to find the real culprit. Even then the chances of an arrest and a conviction are currently only about 5%.
Amidst the new attacks which cybersecurity professionals are attempting to counter, there is humor. Ukraine trolled itself with this tweet featuring the “This is Fine” meme: “the cartoon is typically used as a reaction image to convey a sense of self-denial or acceptance in the face of a hopeless situation.”
The question boils down to who is behind this new series of attacks? Most reports are saying this is a larger attack than WannaCry; the payoff appears to be worth the risks. Is this an obscurant for the real main cyber attack on Ukraine or is this strictly criminal?