2 min read

NotPetya ransomware attack, New Zealand view

Victims of the NotPetya ransomware attack can't get at their own computer data even if they pay the ransom.

NotPetya [1] is a malware attack on a grand scale. It has caused a huge amount of disruption. Many victims are large companies in Europe. It has also hit American businesses.

At the time of writing, the impact on New Zealand doesn't appear to be major. But then, unlike other countries, there is no compulsory cybersecurity incident reporting here. That gives local companies lee-way to paper over their security cracks.

CertNZ offers advice for New Zealand. It includes the usual, but always wise, call to make sure everything is patched up-to-date.

Give us your Bitcoin

Computers hit with the malware show a message demanding a ransom payment of around NZ$500 in Bitcoin. There's a mail address for victims to use when confirming their payment. The mail service provider has since shut-down the account.

Whatever the rights and wrongs of that action, it makes life harder still for the victims. It means they can no longer contact the attacker to get the decryption key needed to unlock their data.

NotPetya first emerged in Ukraine. Early reports there say it hit the nation's government, banks and utilities. It appears that country has suffered more than elsewhere.

Russians fingered

This may, or may not be coincidence. Ukraine blamed earlier attacks on the nation's infrastructure on Russian organisations. There is evidence of Russian state involvement. There is a slow-burn war between the two countries.

Some analysts say the recent attack uses a revamped version of an earlier ransomware. Others suggest it is a new form of ransomware not seen before.

NotPetya is the second major ransomware attack in as many months. It won't be the last. Ransomware looks set to be a regular feature of modern life.

Think of it as a new normal.

Last month's WannaCry ransomware attack affected 230,000 computers. Among other things it damaged the UK's National Health Service computers. Spain's main telco and German state railways were also on the receiving end.

A Symantec press release says the new attack uses the same EternalBlue exploit as WannaCry. America's National Security Agency developed EternalBlue and used it for five years.

WannaCry used mail systems to infect computers. It appears that's not the way NotPetya is spreading. It is what security people describe as a worm. That is, a program that makes copies of itself to spread to other computers.

NotPetya, not kill switch

Defenders saw off WannaCry when cybersecurity researchers found a software kill switch. This meant they could turn it off. There is no kill switch in NotPetya.

As you might expect Symantec claims its software protects its customers against the attack. The company says it is not yet clear if this attack targets specific victims. Worms are hard to target, the criminals set them up and let them wreak havoc.

Ransomware is big business for the criminal gangs behind the attacks. It also fuels the computer security industry which grown 30-fold in the past ten years. Today it has an annual turnover of more than $100 billion.


  1. You may see the attack referred to elsewhere as Petya. ↩︎