NotPetya (2017)

From International cyber law: interactive toolkit
Revision as of 07:47, 15 October 2018 by Uncleistvan1BBB
Date: 27-28 June 2017
Discovered on: 27 June 2017
Suspected actor: Russian Federation (official attribution statements made by Ukraine,[1] US and UK[2])
Victims: Ukrainian public and private sector (80% of affected systems);[3] multinational companies (Maersk, Merck, FedEx, Saint-Gobain and others)
Target systems: Microsoft Windows-based systems
Method: The NotPetya malware was spread by a centralised update to the MeDoc tax accounting software used by many Ukrainian businesses.[4] The malware used the EternalBlue exploit,[5] possibly developed by the NSA, leaked by a hacker group calling itself the Shadow Brokers, and repurposed by the GRU.[6] It acted as ransomware, encrypting the target computers’ hard drives and demanding ransom in bitcoin. It was only supposed to spread through internal networks, probably to make it more targeted; however, transnational companies with offices in Ukraine had their internal networks infected globally.[7]
Purpose: Primarily causing economic loss to Ukrainian entities by irreversibly encrypting their data;[8] the financial gain for the actor was most likely a cover-up (the ransom collection was too simplistic compared to the other parts of the operation, and only about USD 10,000 in ransom had been collected by 4 July 2017).[9]
Result: Estimated global economic losses exceeding USD 10 billion;[10] the radiation monitoring system at Ukraine’s Chernobyl Nuclear Power Plant went offline.[11]
Aftermath: The campaign was followed by an extensive public attribution to Russia, which denied all allegations. No further publicly known measures were taken by the victims against Russia.
Relevance: Scenario 04: A State’s failure to assist an international organization; Scenario 07: Leak of State-developed hacking tools