
The ransomware that doesn't need money

The return of the Petya-like ransomware has already been analyzed in detail by security specialists. Among the first wave of expert assessments, one view worth highlighting is that the main goal of this attack may have been not to extort money but to damage IT systems.

/ photo by Adam Foster CC

This assessment comes from independent experts and information security specialists from the scientific community (for example, the University of California at Berkeley).

The fact is that the organization of the "fundraising" left much to be desired. Every "victim" of the ransomware was given the same Bitcoin address. This approach is very rarely used by those who really want to get paid: modern ransomware operators generate a new address for each "victim".

The communication channel offered was an ordinary mailbox hosted in Germany by the local provider Posteo. As soon as the attack gained momentum, the mailbox was shut down. As a result, even those who transferred money could not obtain a "decryptor".

On the other hand, experts emphasize the multi-vector nature of the attack and the overall complexity of the malware. From a technological point of view, NotPetya is built at a very high level and uses EternalBlue and EternalRomance, which exploit a vulnerability in the Windows implementation of the SMB protocol (many companies have ignored the corresponding patch).

While we were preparing this note, other expert opinions appeared that confirmed these assumptions. Petya-2017 produces an irreversible effect, which is fundamentally different from the behavior of Petya-2016, which allowed a "rollback" to the original state.

Experts say that the "disguise" as ransomware could have been used to get the widest possible media coverage, by analogy with WannaCry.

Source: https://habr.com/ru/post/330582/

