Tech

That “ransomware” attack was really a cyberattack on Ukraine

According to Kaspersky, the Petya ransomware that raced around the world this week wasn’t ransomware at all, and there is no way to get back your files after it does its work (that’s why it was so easy to shut down the email address the ransomware used to negotiate payments and decryption with victims whose computers had been taken over).

This Petya strain is much more professional than the original Petya worm, and far superior to the last ransomware worm, Wannacry.

Kaspersky concluded that this Petya was a "wiper" that made the files it attacked unrecoverable, sending random numbers to people who paid the ransom.

This Petya strain, which researchers are calling Pnyetya, seemed to seek out Ukrainian computers, identifying them by seeking evidence of a program that every Ukrainian business needs to run as part of the national tax payment system.

Russian state hackers have used Ukraine as the testbed for its cyberwar development effort.

In fact, everyone that does business requiring them to pay taxes in Ukraine has to use MeDoc (one of only two approved accounting software packages.) So an attack launched from MeDoc would hit not only Ukraine’s government but many foreign investors and companies.

Play Video

Play

Loaded: 0%

Progress: 0%

Remaining Time -0:00

This is a modal window.

Foreground — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Opaque

Background — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Transparent Transparent

Window — White Black Red Green Blue Yellow Magenta Cyan — Opaque Semi-Transparent Transparent

Font Size 50% 75% 100% 125% 150% 175% 200% 300% 400%

Text Edge Style None Raised Depressed Uniform Dropshadow

Font Family Default Monospace Serif Proportional Serif Monospace Sans-Serif Proportional Sans-Serif Casual Script Small Caps

Defaults Done

Comments are closed.