Petya’s Ransomware Cloaking Device

Recent ransomware threats have escalated into a global crisis, and cybersecurity experts and government authorities have redoubled their investigative efforts. Of grave concern is the possibility that the recent Petya attack had more sinister motives than typical ransomware operations, and that state actors were involved behind the scenes.

The Petya attack — which disrupted major government agencies, infrastructure sites, multinational companies and other organizations — actually used the cover of a ransomware attack to deploy a more malicious exploit, called a “wiper,” that paralyzed thousands of computers and destroyed data in dozens of countries around the world, some leading cybersecurity experts have concluded.

The National Cyber Security Centre, which operates within the UK’s GCHQ intelligence agency, late last month raised questions about the motives behind the attack, saying it had found evidence that called into question initial judgments that collecting ransoms was Petya’s chief goal.

The financial motivation was questionable early on, based on critical evidence seen during the initial outbreak of the attack, noted Vikram Thakur, technical director at Symantec.

Ukraine Connection

The large number of victims located in Ukraine and the fact that the infection vector was software primarily used there raised suspicions, he told the E-Commerce Times.

Further, “the single bitcoin wallet payment method, use of a single email for decryption communications, absence of a C&C (command & control server), encryption of files with extensions primarily used by...
