Petya Ransomware Attack Shuts Down Computers in 65 Countries
WHISTLEBLOWING, 3 Jul 2017
29 Jun 2017 – In the second massive cyberattack in roughly six weeks, both of them spreading with the help of an exploit developed by the US National Security Agency (NSA) and later leaked, computers in at least 65 countries were shut down on Tuesday [27 Jun] by an epidemic of ransomware known as Petya.
The attack had its greatest impact and first manifestation in Ukraine, where an estimated 12,500 computer systems were infected. The initial infection vector was the update mechanism of M.E.Doc, a tax and accounting package widely used by businesses operating in Ukraine: a trojanized update, pushed through the vendor's own update servers, installed the malware on every machine that applied it. From there the ransomware spread quickly around the world, with major outages reported in Belgium, Brazil, Germany, Russia and the United States.
Among the corporations hit by the attack were the American pharmaceutical giant Merck, the British advertising agency WPP, the French multinational Saint-Gobain, the Russian steel and mining company Evraz and the Australian factory of the chocolate company Cadbury. In Ukraine, government ministries, ATMs and transit and airport systems were paralyzed, and workers at the Chernobyl nuclear disaster site were forced to monitor radiation levels manually because their computers became inoperable.
In the US, Heritage Valley Health System, a Pennsylvania health care provider, was forced to cancel surgical operations at its hospitals in Beaver and Sewickley because of the computer outage caused by Petya. According to some security experts, the latest ransomware attack represents a more sophisticated and destructive application of the malware than previously encountered.
The Petya ransomware renders computers unusable and, after forcing a reboot, displays a red screen with white text stating that the hard disks on the system have been encrypted with “military grade encryption.” The files on the system will be restored, the message explains, only in exchange for a payment of $300 worth of bitcoin to a single specified Bitcoin wallet, with proof of payment and the victim's “personal installation key” to be sent to a specified email address. Whether paying would ever have restored access is doubtful: several security vendors who analysed the malware in the days after the outbreak concluded that the “installation key” shown to victims is random data with no relation to the encryption key, so the attackers could not have decrypted a victim's disk even if they had wanted to.
The email account, hosted by the German provider Posteo, was suspended by the provider within hours of the outbreak, so victims who paid had no way to send proof of payment or to receive a key.
The malware attacks Windows computers by, among other means, exploiting the flaws targeted by EternalBlue. EternalBlue is not itself a “bug” but an exploit: working code that abuses a vulnerability in the Windows implementation of the SMBv1 file-sharing protocol (CVE-2017-0144) to run attacker-supplied code on an unpatched machine over the network, without any user action. Microsoft fixed the underlying flaw, together with the sibling flaw used by the EternalRomance exploit, in March 2017 with security bulletin MS17-010, two months before WannaCry. Contrary to early reports, the new variant does not “circumvent” that patch; a machine with MS17-010 installed cannot be infected through EternalBlue. Instead it carries additional ways of moving between machines that do not depend on the SMB flaw at all, which is why fully patched machines were also hit.
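As an added example (not code from the original article or from any vendor analysis), the following Python script performs the check a defender or tester wants after reading the paragraph above: it connects to TCP port 445 and sends a raw SMB1 Negotiate Protocol request that offers only the SMBv1 dialect, so a reply selecting that dialect proves the host still speaks the protocol EternalBlue targets. The host name, the PID/MID values and the sample reply are this example's own assumptions, constructed here. Note what the check does and does not say: it tells you whether SMBv1 is enabled on the host, not whether MS17-010 is installed, since a patched host can legitimately still speak SMBv1.

```python
import socket
import struct

SMB_COM_NEGOTIATE = 0x72
SMB1_MAGIC = b"\xffSMB"
# The only SMB1 dialect modern Windows accepts.  Offering nothing else means a
# positive reply can only come from a server that still speaks SMBv1.
DIALECTS = [b"NT LM 0.12"]


def _smb1_header(command: int, flags: int, mid: int = 1) -> bytes:
    """32-byte SMB1 header (MS-CIFS 2.2.3.1); every field is little-endian."""
    return struct.pack(
        "<4sBIBHH8sHHHHH",
        SMB1_MAGIC,
        command,
        0,            # NT status
        flags,        # 0x18 = canonical paths + case-insensitive; 0x98 adds the REPLY bit
        0xC801,       # Flags2: unicode, NT status codes, extended security, long names
        0,            # PIDHigh
        b"\x00" * 8,  # SecurityFeatures (signature), unused without signing
        0,            # Reserved
        0,            # TID
        0x1234,       # PIDLow (arbitrary value assumed for the example)
        0,            # UID
        mid,          # MID
    )


def _netbios(smb: bytes) -> bytes:
    """Prefix a NetBIOS Session Service header: type 0x00 plus 3-byte big-endian length."""
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def build_negotiate_request() -> bytes:
    """SMB_COM_NEGOTIATE request listing only the SMBv1 dialects in DIALECTS."""
    dialects = b"".join(b"\x02" + d + b"\x00" for d in DIALECTS)
    body = struct.pack("<BH", 0, len(dialects)) + dialects   # WordCount=0, ByteCount, dialects
    return _netbios(_smb1_header(SMB_COM_NEGOTIATE, 0x18) + body)


def parse_negotiate_response(data: bytes) -> dict:
    """Classify a raw reply; smb1 is True only if the server picked one of our SMB1 dialects."""
    if len(data) < 4 + 32 + 1:
        return {"smb1": False, "reason": "short or empty reply"}
    smb = data[4:]                      # skip the NetBIOS session header
    if smb[:4] == b"\xfeSMB":
        return {"smb1": False, "reason": "server answered with SMB2/3 only"}
    if smb[:4] != SMB1_MAGIC or smb[4] != SMB_COM_NEGOTIATE:
        return {"smb1": False, "reason": "unexpected reply"}
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[32]
    if status != 0 or word_count == 0:
        return {"smb1": False, "reason": f"negotiate failed, NT status 0x{status:08x}"}
    dialect_index = struct.unpack_from("<H", smb, 33)[0]   # first parameter word
    return {
        "smb1": dialect_index != 0xFFFF,                     # 0xFFFF = no dialect accepted
        "dialect": DIALECTS[dialect_index].decode() if dialect_index < len(DIALECTS) else None,
        "dialect_index": dialect_index,
    }


def probe_smb1(host: str, port: int = 445, timeout: float = 3.0) -> dict:
    """Connect to host:port, send the SMB1-only negotiate and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            data = s.recv(4096)          # b"" if the server simply closed the connection
    except socket.timeout:
        return {"smb1": False, "reason": "no reply (SMB1 likely disabled)"}
    except OSError as exc:
        return {"smb1": False, "reason": f"connection failed: {exc}"}
    return parse_negotiate_response(data)


def sample_negotiate_response(dialect_index: int) -> bytes:
    """Constructed reply for offline use, shaped like a real 17-word negotiate response."""
    params = struct.pack("<H", dialect_index) + b"\x00" * 32        # DialectIndex + 16 zeroed words
    body = struct.pack("<B", 17) + params + struct.pack("<H", 0)    # WordCount, params, ByteCount
    return _netbios(_smb1_header(SMB_COM_NEGOTIATE, 0x98) + body)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # assumed default host
    print(target, probe_smb1(target))
```

Run it only against hosts you are authorised to test; a connection reset or a silent timeout is what a Windows host with SMBv1 disabled or removed produces, while a reply with dialect index 0 means the host still negotiates "NT LM 0.12". The constructed sample reply exercises the parser without a network.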
Once a single system is infected, the malware moves from computer to computer across the network without users doing anything. Besides the SMB exploits, it extracts the passwords and password hashes of users logged on to the infected machine from its memory, using a credential-stealing tool similar to the open-source Mimikatz, and reuses them to launch itself on other machines through standard Windows administration channels, an embedded copy of PsExec and the WMI command-line tool. Those channels work on fully patched systems, so one unpatched or poorly administered machine is enough to reach machines that had been “protected” against EternalBlue, and an account with domain-wide administrative rights logged on anywhere in the network is enough to reach everything. The security vendors who analysed the code reached no consensus on a name: because it differs substantially from the 2016 Petya, it has been called NotPetya, ExPetr and Nyetya, and some vendors refer to it as GoldenEye.
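The worm-like movement described above leaves a trace that does not depend on which exploit or tool was used: within minutes, one source address starts network logons to many hosts it never talked to before. The Python below, an added example and not the article's or any vendor's code, applies that idea to a constructed batch of Windows Security events (event 4624 with LogonType 3, the network logon that PsExec- or WMI-style remote execution produces on the target host) using a sliding time window and a fan-out threshold. The event tuple layout, host names, addresses, timestamps and threshold values are assumptions made for the example.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample of centrally collected Security events.  The tuple layout is this
# example's own: (timestamp, host that logged the event, source IP, LogonType, account).
# LogonType 3 = network logon, which remote service or WMI execution produces on the target.
SAMPLE_EVENTS = [
    ("2017-06-27T09:10:00", "FILESRV1", "10.0.1.2",  3,  "CORP\\jdoe"),        # admin, slow pace
    ("2017-06-27T09:55:00", "DC01",     "10.0.1.2",  3,  "CORP\\jdoe"),
    ("2017-06-27T10:40:00", "HR-WS01",  "10.0.1.2",  3,  "CORP\\jdoe"),
    ("2017-06-27T11:02:01", "FIN-WS01", "10.0.5.17", 3,  "CORP\\svc_backup"),  # burst begins
    ("2017-06-27T11:02:03", "FIN-WS02", "10.0.5.17", 3,  "CORP\\svc_backup"),
    ("2017-06-27T11:02:04", "FIN-WS03", "10.0.5.17", 3,  "CORP\\svc_backup"),
    ("2017-06-27T11:02:09", "HR-WS01",  "10.0.5.17", 3,  "CORP\\svc_backup"),
    ("2017-06-27T11:02:15", "FILESRV1", "10.0.5.17", 3,  "CORP\\svc_backup"),
    ("2017-06-27T11:02:20", "FIN-WS01", "10.0.5.17", 10, "CORP\\alice"),       # RDP logon, ignored
    ("2017-06-27T11:03:40", "DC01",     "10.0.5.17", 3,  "CORP\\svc_backup"),
]


def worm_fanout(events, window=timedelta(minutes=5), threshold=5):
    """Return {source_ip: {"targets": set, "accounts": set}} for every source that
    performed network logons to at least `threshold` distinct hosts inside some
    interval of length `window`.  Routine administration rarely looks like this;
    a worm replaying stolen credentials does."""
    by_source = defaultdict(list)
    for ts, target, src, logon_type, account in events:
        if logon_type == 3:                                   # network logons only
            by_source[src].append((datetime.fromisoformat(ts), target, account))

    alerts = {}
    for src, logons in by_source.items():
        logons.sort()                                         # chronological order
        in_window = Counter()                                 # target host -> logons in window
        left = 0
        for t, target, account in logons:
            in_window[target] += 1
            # Drop logons that fell out of the window ending at t.
            while logons[left][0] < t - window:
                old = logons[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            if len(in_window) >= threshold:
                hit = alerts.setdefault(src, {"targets": set(), "accounts": set()})
                hit["targets"].update(in_window)
                hit["accounts"].add(account)
    return alerts


if __name__ == "__main__":
    for src, hit in worm_fanout(SAMPLE_EVENTS).items():
        print(f"{src}: {len(hit['targets'])} hosts via {sorted(hit['accounts'])}: "
              f"{sorted(hit['targets'])}")
```

On the sample, 10.0.5.17 reaches six hosts within two minutes using one service account and is flagged, while the administrator at 10.0.1.2, touching three hosts over ninety minutes, is not. Tune the window and threshold to the environment; backup servers, vulnerability scanners and domain controllers fan out legitimately and need an allow-list, which this example leaves out. The flagged account is the practical lead: the machine it was logged on to when the burst started is where the credentials were harvested.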
It is well known that the EternalBlue exploit was developed by the NSA as part of its arsenal of cyberwarfare weaponry for use against the rivals of US imperialism. Due to a combination of recklessness and stupidity, however, the NSA lost control of that arsenal: the tools were taken from the agency by means that have never been publicly established and have been released piecemeal since August 2016 by a group calling itself the Shadow Brokers, whose identity remains unknown.
In April 2017 the Shadow Brokers published a batch of the NSA tools that included EternalBlue and other working exploits for Microsoft Windows; earlier releases had covered exploits for enterprise firewalls. Microsoft had patched the Windows flaws a month before that release.
The Petya attack comes roughly six weeks after the outbreak on 12 May of the WannaCry ransomware, which spread around the world in a similar manner, using the same EternalBlue exploit to jump between unpatched Windows machines. In that instance, the malware shut down hundreds of thousands of computers in more than 150 countries.
So far, the NSA has not acknowledged any responsibility for the malware code that has now disrupted the economy in countless countries and endangered the lives of millions of people on two separate occasions. Computer security experts are coming forward in increasing numbers to demand that the NSA work with specialists to help defend computer systems from the destructive mayhem that the agency has unleashed upon society.
Although no one has taken responsibility for the latest epidemic, the location and timing of the Petya attack—centered in Ukraine and launched one day before Constitution Day, the 28 June public holiday marking the adoption of Ukraine's post-Soviet constitution—points to possible political motivations. Some media outlets, as well as the Ukrainian government, have begun making well-worn and unsubstantiated allegations about “Russian hacking.”
DISCLAIMER: The statements, views and opinions expressed in pieces republished here are solely those of the authors and do not necessarily represent those of TMS. In accordance with title 17 U.S.C. section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. TMS has no affiliation whatsoever with the originator of this article nor is TMS endorsed or sponsored by the originator. “GO TO ORIGINAL” links are provided as a convenience to our readers and allow for verification of authenticity. However, as originating pages are often updated by their originating host sites, the versions posted may not match the versions our readers view when clicking the “GO TO ORIGINAL” links. This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a ‘fair use’ of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond ‘fair use’, you must obtain permission from the copyright owner.