The global attack by the Petya ransomware on Tuesday struck the IT systems of companies in several countries, mostly affecting Ukraine, as well as Russian companies. Computers at oil, energy, telecommunications and pharmaceutical companies, as well as state bodies, were attacked.
Ukraine was especially hard hit as the National Bank, the country’s largest airport, and a state power firm all suffered severe computer outages. According to a report by Slovakian security software firm ESET, 75 percent of the infections detected were in Ukraine; the other countries in the top 10 were in central, eastern or southern Europe.
Who’s Behind The Attack?
Cyber security firms are trying to piece together who was behind the attack. Ukraine accused the Russian security services Saturday of planning and launching another massive cyberattack.
The Ukrainian security agency, known as the SBU, alleged in a statement that similarities between the malicious software and previous attacks on Ukrainian infrastructure revealed the work of Russian intelligence services.
Researchers suggest the main purpose of the attack was to install new malware on computers at government and commercial organisations in Ukraine. Rather than extortion, the goal may be to plant the seeds of future sabotage, Itnews reports.
There was no immediate official response from the Russian government, but Russian lawmaker Igor Morozov told the RIA Novosti news agency that the Ukrainian charges were unreasonable and that the attacks were for the benefit of the United States.
According to him, the unreasonable accusations by the Security Service of Ukraine (SBU) that Russian special services were involved in the Petya attack are explained by the Ukrainian authorities’ desire to receive increased financial assistance from the West.
“All these ‘Russian’ cyber attacks, which the US first spoke about, and then the West and other countries, are a fiction that the West is trying to use to exaggerate the alleged threat from Russia, which is beneficial both for the US itself, because it gives an increase in military budgets and the ‘satellites’ supported by them, as this can increase the monetary support of these countries,” Morozov told RIA Novosti.
Two cybersecurity outfits have publicly tied the malware to Russian hacking groups, Spokesman reported.
Russian anti-virus company Kaspersky Lab has identified similarities between Petya and BlackEnergy, malware that has been used in a series of cyberattacks on Ukrainian infrastructure in recent years.
“There are several parts of the code and strings that are shared,” Vyacheslav Zakorzhevsky, the head of Kaspersky’s anti-virus research department, told The Associated Press on Saturday. “These families are connected.”
ESET, the Slovakian cybersecurity firm, found similarities to older cyber attacks in Ukraine:
“This was not an isolated incident. This is the latest in a series of similar attacks in Ukraine,”
The Aim Of Petya
In a recent publication, Microsoft stressed that 12.5 thousand computers were infected in Ukraine. According to company experts, the attack was carried out using ransomware, a new version of Ransom:Win32/Petya, but one that is more “elegant” than its predecessor.
According to the Hacker website, the virus was created not for encryption but for destroying information: it is almost impossible to restore the affected data, and this is not a mistake but the intent of the virus’s authors. Petya should therefore be called a wiper rather than a crypto virus.
Researchers at Kaspersky Lab explain that Petya assigns each infected machine its own ID, but this ID is not passed to a command-and-control server (Petya does not have one) and does not contain any valuable information that would later help the attackers “identify” the victim and give them the key to decrypt the files.
“Our analysis indicates the main purpose of the attack was not financial gain, but widespread destruction,” said Costin Raiu, Kaspersky’s global head of research.