Monero's privacy protection could spell good news for criminals
Monero's privacy protection could spell good news for criminals

Petya cyber attack that spread around the world was intent on destruction, not on making money

The software suggested it was ransomware – but that might only have been a trick

Andrew Griffin
Friday 30 June 2017 09:53
Comments

The cyber attack that broke many of the world's biggest companies was intent only on destruction.

Experts say that initial suggestions that the software was being used to make money may have been a distraction. The software might instead be part of a plan simply to cripple as many systems, companies and countries as possible, they said.

The software itself suggested it was ransomware – when it was loaded up and had taken over users' computers, it asked for money to get the files back. But actually paying that money wasn't possible, and so it generated a tiny amount of cash.

Instead that ransom might have been a way of hiding the true motives of the people behind the malware.

"It is clear that this was targeted indiscriminately at Ukrainian businesses, and the Ukrainian government," Jake Williams, president of the security firm Rendition Infosec and a former member of the U.S. National Security Agency's elite cyberwarfare group, told The Associated Press in an online chat. "The 'ransomware' component is just a smokescreen (and a bad one)."

The attack started in Ukraine before making its way quickly and indiscriminately across the world. But the country took most of the brunt of the attack, with banks and other important infrastructure having their systems taken offline and so being unable to function.

"There is still a lot of damage, especially in banks," said Victor Zhora, CEO of the Kiev cybersecurity firm InfoSafe. "ATMs are working (again) but some bank operations are still limited." He estimated damage in "the millions of dollars, perhaps tens of millions."

And that's just in Ukraine. Microsoft said the malware hit at least 64 nations, including Russia, Germany and the United States. "I expect that we will see additional fallout from this is the coming days," said Williams.

The ransom system appeared to have been set up very badly, if attackers were aiming to make money. They asked victims to send proof that they had handed over cash to one specific email address – but that address was frozen by the provider within hours, taking it offline, and leaving the attackers making only $10,000.

Some security researchers said that the people behind the attack wouldn't even have been able to unlock encrypted computers, even if they wanted to.

Researchers have said that it's possible the attack came from Russia, and perhaps within the Russian state. Clues include the timing – the attack came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating the new Ukrainian constitution signed after the breakup of the Soviet Union

"Everything being said so far does point to Russia being a leading candidate for a suspect in this attack," said Robert M. Lee, CEO of Dragos Inc. an expert who has studied the attacks on Ukraine's power grid.

What's most worrisome and reprehensible, said Lee, is that whoever was behind the attack was unconcerned about the indiscriminate, collateral damage it caused — much of it within Russia itself. That's highly unusual behaviour for nation-states.

Additional reporting by Associated Press

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in