Victims of the NotPetya ransomware attack can’t get at their own computer data even if they pay the ransom.
NotPetya is an attack on a grand scale causing a huge amount of disruption. Many victims are large companies in Europe. It has also hit American businesses. You may see this referred to elsewhere as Petya.
At the time of writing the impact on New Zealand doesn’t appear to be major. But then, unlike other countries, there is no compulsory attack notification here. That gives local companies lee-way to paper over their security cracks.
CertNZ offers advice for New Zealand. It includes the usual, but always wise, call to make sure everything is patched up-to-date.
Give us your Bitcoins
Computers hit with the malware show a message demanding a ransom payment of around NZ$500 in Bitcoin. There’s a mail address for victims to use when confirming their payment. The mail service provider has since shut-down the account.
Whatever the rights and wrongs of that action, it makes life even harder for the victims. They can no longer contact the attacker to get the decryption key needed to unlock their data.
NotPetya first emerged in Ukraine. Early reports there say it hit the nation’s government, banks and utilities. It appears that country has suffered more than elsewhere.
This may, or may not be coincidence. Ukraine blamed earlier attacks on the nation’s infrastructure on Russian organisations. There’s some evidence of Russian state involvement. There is a slow-burn war between the two countries.
Some analysts say the recent attack uses a revamped version of an earlier ransomware. Others suggest it is a new form of ransomware not seen before.
NotPetya is the second huge ransomware attack in as many months. It won’t be the last. These look set to be a regular feature of modern life. Think of it as a new normal.
Last month’s WannaCry ransomware affected 230,000 computers. Among other things it damaged the UK’s National Health Service computers. Spain’s main telco and German state railways were also on the receiving end.
A Symantec press release says the new attack uses the same EternalBlue exploit as WannaCry. America’s National Security Agency developed EternalBlue and used it for five years.
WannaCry used mail systems to infect computers. It appears that’s not the way NotPetya is spreading. It is what security people describe as a worm. That is, a program that makes copies of itself to spread to other computers.
NotPetya, not kill switch
Defenders saw off WannaCry when researchers found a software kill switch. This meant they could turn it off. There is no kill switch in NotPetya.
As you’d expect Symantec says its software protects its customers against the attack. The company says it is not yet clear if this attack targets specific victims. Worms are hard to target, the criminals set them up and let them wreak havoc.
Ransomware is big business for the criminal gangs behind the attacks. It also fuels the computer security industry which grown 30-fold in the past ten years. Today it has an annual turnover of more than $100 billion.