  • PetyaWrap was designed to make headlines, not to make money

    Posted on June 28th, 2017 at 20:10 by woody

    … and it certainly succeeded.

    Security researcher Matt Suiche has published more details about PetyaWrap (NyetPetya, Petya.2017, choose your favorite cute name) that show quite conclusively that the person/organization behind PetyaWrap wasn’t interested in making money — they just wanted to make a big splash. Suiche calls it a “wiper,” as opposed to ransomware:

    The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration.

    Dan Goodin at Ars Technica has a new analysis that strengthens Suiche’s conclusion: Tuesday’s massive ransomware outbreak was, in fact, something much worse:

    the payload delivered in Tuesday’s outbreak wasn’t ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected network…

    Tuesday’s malware was impressive. It used two exploits developed by and later stolen from the National Security Agency. It combined those exploits with custom code that stole network credentials so the malware could infect fully patched Windows computers. And it was seeded by compromising the update mechanism for M.E.Doc, a tax-filing application that is almost mandatory for companies that do business in Ukraine. The shortcomings in the ransomware functions aren’t likely to be mistakes, considering the overall quality of the malware.

    If the intent of the PetyaWrap author(s) was to sow fear of Windows, they certainly succeeded. Because of the way PetyaWrap infects, very few of you have been hit. The next version may not be so kind.

    Chromebooks are looking better every day.

    • #122585 Reply

      jelson
      AskWoody Lounger

      Intriguing… the question that leaps immediately to mind is why would someone want to sow havoc on companies that do business in the Ukraine?

       

      • #122586 Reply

        Kirsty
        Da Boss

        From New York Times:

        …what began as a strike at Ukraine later and perhaps inadvertently spread to other countries merely as collateral damage.

        The timing of the attack was suspect in another way, coming after a rare stretch of upbeat news in Ukraine. Last week, the European Union waived visa requirements for Ukrainians, at least those few fortunate enough to have the means to travel.

        Cybersecurity experts said that whoever launched the assault — on the eve of a holiday celebrating Ukrainian independence — must have known that M.E.Doc software, which is integrated into Ukrainian government computers, was their gateway.

        “You don’t hit the day before Constitution Day for no reason,” said Craig Williams…

        The article goes on to discuss possible political reasons that may lie behind the attack.

        4 users thanked author for this post.
      • #122606 Reply

        MrBrian
        AskWoody_MVP

        From How An Entire Nation Became Russia’s Test Lab for Cyberwar (June 20, 2017):

        “Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.”

        3 users thanked author for this post.
    • #122596 Reply

      Kirsty
      Da Boss

      From zdnet.com:
      On Wednesday, NATO Secretary General Jens Stoltenberg said the collective defence article in the North Atlantic Treaty could be invoked in the face of a cyber attack.

      “We have also decided that a cyber attack can trigger Article 5 and we have also decided — and we are in the process of establishing — cyber as a military domain, meaning that we will have land, air, sea, and cyber as military domains,” he said.

      2 users thanked author for this post.
    • #122601 Reply

      Jan K.
      AskWoody Lounger

      My local company, Maersk, certainly makes enough billions in pure profit and it shouldn’t be a problem for them to pay the $300 “fine”…

      No, it’s pure terrorism.

      “If the intent of the PetyaWrap author(s) was to sow fear of Windows, they certainly succeeded.

      Chromebooks are looking better every day.”

      Hmmm… google is behind all this?

      Or the penguin people perhaps? That shady, up to no good, bunch! 😛

      2 users thanked author for this post.
      • #122602 Reply

        windows7forever
        AskWoody Lounger

        Hmmm… google is behind all this?

        Or the penguin people perhaps? That shady, up to no good, bunch!

        That made my day!

        1 user thanked author for this post.
      • #122613 Reply

        rc primak
        AskWoody_MVP

        Alphabet/Google would simply buy the Ukraine if they wanted it. Besides, Google’s own Android is very vulnerable, especially since device owners don’t or even can’t upgrade and patch older models of some brands.

        Linux is used in the creation and execution of some malware attacks, and the targets can be servers running poorly patched Linux. Windows is not alone in being vulnerable. If everyone in Ukraine were running Macs, it would be some sort of Mac flaw which would be attacked.

        It is impossible for a modern Operating System to be written free of mistakes in the code. Way too many lines to test exhaustively.

        -- rc primak

        2 users thanked author for this post.
        • #122630 Reply

          windows7forever
          AskWoody Lounger

          The remarks you are replying to weren’t intended to be taken seriously.

          • #122727 Reply

            rc primak
            AskWoody_MVP

            I did suspect as much, but there are serious implications. My remarks are intended to be taken seriously, but not necessarily (directly or personally) by those to whom I am replying.

            -- rc primak

            1 user thanked author for this post.
            • #122729 Reply

              windows7forever
              AskWoody Lounger

              I didn’t mean to imply that you shouldn’t have made a serious reply to what was intended to be a humorous remark. You made some very good points.

              By the way, I really enjoyed your single not serious remark

              Alphabet/Google would simply buy the Ukraine if they wanted it.

      • #122632 Reply

        anonymous

        After seeing this, yeah you don’t want to be a penguin’s prey. It is no wonder fish get nervous.

        1 user thanked author for this post.
    • #122626 Reply

      anonymous

      Slightly off topic: Reading all this over and over again, new threats, new codes, same old nonsense as always… For me it is really depressing how we always end up discussing the why, the reasons behind anyone doing this kind of thing, when it should be just unacceptable for someone to pull something akin…

      The internet was never a safe zone, but as time passed, the society itself has seen a whole lot of changes… The world is actually becoming a much better place, even if it is in a slow pace, there is development… But the internet… It’s pretty much in downfall, despite the efforts, we see day after day episodes like this, and the worst, we are all used to it… Perhaps that is why the NATO pronouncement feels quite in place… We are entering a very gruesome era for being wired to the web… Well, even more ominous if you are running Windows…

    • #122631 Reply

      SkipH
      AskWoody Lounger

      From my morning reading:

      http://www.networkworld.com/article/3204156/windows-server/choosing-windows-for-your-organization-should-get-you-fired.html

      http://www.csoonline.com/article/2926215/microsoft-subnet/richard-stallman-windows-os-is-malware.html

      Hope these links actually work…

      satrow edit: cleaned up the links, hope they still work…
