NotPetya (2017)
Date | 27-28 June 2017 |
---|---|
Suspected actor | Russian Federation (official attribution statements made by Ukraine,[1] US and UK[2]) |
Victims | Ukrainian public and private sector (80% of affected systems);[3] multinational companies (Maersk, Merck, FedEx, Saint-Gobain and others) |
Target systems | Microsoft Windows-based systems |
Method | The NotPetya malware was spread by a centralised update to the MeDoc tax accounting software used by many Ukrainian businesses.[4] The malware used the EternalBlue exploit,[5] possibly developed by the NSA, leaked by a hacker group calling itself the Shadow Brokers, and repurposed by the GRU.[6] It acted as ransomware, encrypting the target computers’ hard drives and demanding ransom in bitcoin. It was only supposed to spread through internal networks, probably to make it more targeted; however, transnational companies with offices in Ukraine had their internal networks infected globally.[7] |
Purpose | Primarily causing economic loss to Ukrainian entities by irreversibly encrypting their data;[8] the financial gain for the actor was most likely a cover-up (the ransom collection was too simplistic compared to the other parts of the operation, and only about USD 10,000 of ransom was collected by 4 July 2017).[9] |
Result | Estimated global economic losses exceeding USD 10 billion;[10] radiation monitoring system at Ukraine’s Chernobyl Nuclear Power Plant went offline.[11] |
Aftermath | The campaign was followed by an extensive public attribution to Russia, which denied all allegations. No further publicly known measures were taken by the victims against Russia. |
Analysed in | Scenario 04: A State’s failure to assist an international organization; Scenario 07: Leak of State-developed hacking tools |
Collected by: Tomáš Minárik
- [1] P Polityuk, “Ukraine points finger at Russian security services in recent cyber attack” (1 July 2017), Reuters.
- [2] S Marsh, “US joins UK in blaming Russia for NotPetya cyber-attack” (15 February 2018), The Guardian.
- [3] J Wakefield, “Tax software blamed for cyber-attack spread” (28 June 2017), BBC News.
- [4] J Wakefield, “Tax software blamed for cyber-attack spread” (28 June 2017), BBC News.
- [5] K Sood and S Hurley, “NotPetya Technical Analysis – A Triple Threat: File Encryption, MFT Encryption, Credential Theft” (29 June 2017), CrowdStrike blog.
- [6] E Nakashima, “Russian military was behind ‘NotPetya’ cyberattack in Ukraine, CIA concludes” (12 January 2018), Washington Post.
- [7] E Auchard, J Stubbs, and A Prentice, “New computer virus spreads from Ukraine to disrupt world business” (27 June 2017), Reuters.
- [8] F Bajak and R Satter, “Companies still hobbled from fearsome cyberattack” (30 June 2017), Associated Press.
- [9] A Hern, “Hackers who targeted Ukraine clean out bitcoin ransom wallet” (5 July 2017), The Guardian.
- [10] A Greenberg, “The Untold Story of NotPetya, the Most Devastating Cyberattack in History” (22 August 2018), Wired.
- [11] J Henley and O Solon, “‘Petya’ ransomware attack strikes companies across Europe and US” (27 June 2018), The Guardian.