IS RUSSIA OR NORTH KOREA BEHIND PETYA, THE LATEST CYBERATTACK?
A little over a month after WannaCry spread across the world in an unprecedented cyberattack, not only is the world still vulnerable to a similar attack, but another attack has already surpassed WannaCry in virulence and damage, using some of the same tools.
On June 27, this attack, known as “Petya” after a cybercrime operation that used similar code, spread rapidly throughout the world as the first malware attack had, and even used the same software vulnerability. But from there, the operations differ.
In May, ransomware called WannaCry spread to 150 countries in a single day, encrypting victims' files and demanding payment in exchange for access.
WannaCry was able to spread through a well-known software vulnerability even though a patch was available, a situation that led many to call WannaCry a wake-up call and, hopefully, a lesson learned.
A list of viruses at the LHS (High Security Laboratory) of INRIA (National Institute of Computer and Automatic Research) in Rennes on November 3, 2016, where computer viruses flourish under the watchful eye of scientists.
The high security laboratory (LHS-PEC) in Rennes is a small fortress from which the first studies on “ransomware” and other malicious software emerge.
But Petya had additional means of infection and, much worse, Petya does not encrypt the files; it damages them irreparably.
Moreover, the way to pay the Petya ransom was inconvenient at best and quickly became impossible after the provider of the e-mail account used to confirm payment closed the account. In short, Petya was just posing as ransomware; its real function was to destroy the data on the victims' computers.
Petya's victims are in sixty-four countries and range from major ports to lawyers around the world, but the attack had a specific target: Ukraine.
The attack began in Ukraine, where the victims are government offices, Kiev’s main airport, banks and power companies.
The Cabinet of Ministers of Ukraine reported that its computers were frozen, ATMs in Kiev could not dispense money, and workers at the Chernobyl nuclear plant had to switch to manual operation.
Victims were infected through M.E.Doc, a popular tax accounting software in Ukraine, and through compromises of regional Ukrainian sites and, in some cases, may have been deliberately infected beforehand. The timing may also have been deliberate: June 28 is Constitution Day, a national holiday that celebrates the independence of Ukraine from the Soviet Union.
Since relations with Russia deteriorated in 2014, Ukraine has suffered a series of online attacks on government, business, infrastructure and the media, among other sectors. They even caused two accidents, one of which used the first software designed to attack industrial control systems since Stuxnet sabotaged the uranium enrichment facility at Natanz in 2010.
These attacks are believed to come from Russia, and they began when tensions between Russia and Ukraine intensified in 2014. Circumstantial evidence links Petya to Russia.
It would have been possible for the attackers behind Petya to restrict infections to victims using an IP address from Ukraine, but they did not. The attackers could also have avoided infecting machines with Russian IP addresses, but they did not.
This may have been a deliberate decision to let Petya spread worldwide to support the claim that it was indeed a ransomware effort. Supporting this story could muddy attribution efforts and convince world observers that the attack may have been the work of a band of criminals rather than a nation-state.
If that is the case, it shows a cavalier willingness to accept collateral damage worldwide, even in Russia itself, where Rosneft, the country’s largest oil company, was one of the victims. Whatever the reason, the damage has reached a global scale.