At the end of June, the world awoke to another widespread ransomware attack locking down machines across the globe. This time, the bulk of the attack centered on Ukraine, although countries such as Germany, the UK, and the USA also saw infections. Initially, the media reported that this was an attack executed by ransomware known as “Petya.” Petya was originally discovered and detailed back in 2016, spreading through infected emails and employing the typical demand of a ransom paid in Bitcoin.
The attacks of June 27, however, were very different. Some security researchers have thus dubbed this variant “NotPetya.” This version leveraged the same EternalBlue exploit used by WannaCry weeks earlier. On the surface, it looks like it’s operating as ransomware, and the supposed authors even released a statement demanding $250,000 in Bitcoin for access to the master decryption key. However, the email address for ransom payments was deactivated by its provider — and moreover, it seems the ransomware is just a front for the real attack.
Security researchers, like those at Kaspersky Labs, now believe this was a targeted, nation-state-level attack against Ukrainian government and infrastructure. Not only were government offices affected, but so was radiation-monitoring equipment at the decommissioned Chernobyl nuclear plant. The original Petya ransomware altered the boot record of machines it infected, but did so in a reversible manner.
NotPetya renders devices unusable by doing permanent damage to this data. As a result, it has been dubbed a “wiper” rather than actual ransomware. To make matters more interesting, the author of the original Petya has released their own master decryption key, which could be a sign that they wish to make it clear they are not the author of the current attack.
The use of ransomware or other malware as a front for an attack on a country’s computers is a concerning development. While defense for individual users is vital, it’s also clear that large-scale cyberattacks are on the rise. With so much collateral damage caused by NotPetya across many other countries, institutions must make an effort to deploy effective security measures. After all, the EternalBlue exploit and WannaCry were all over the news for several weeks, and there was ample time to apply patches. For now, inaction remains as much of a threat as the malware itself.