Was Russia behind the Petya Ransomware?

Last week, we wrote about a cyber attack on European and American businesses, identified as a new form of the Petya ransomware. The attack originated in Ukraine and affected that country most severely, and the Ukrainian government has today blamed it on Russia.

The SBU, Ukraine’s security services, claims to have evidence suggesting that Russian security services were behind last week’s destructive cyber attack, a new version of the Petya virus dubbed NotPetya or GoldenEye. It isn’t just the Ukrainian government, though – it has the backing of antivirus companies from all over the world.

The SBU said: "The available data, including those obtained in cooperation with international antivirus companies, give us reason to believe that the same hacking groups are involved in the attacks, which in December 2016 attacked the financial system, transport and energy facilities of Ukraine using TeleBots and BlackEnergy… This testifies to the involvement of the special services of Russian Federation in this attack."

NotPetya spread much faster than the WannaCry ransomware did back in May, and it’s also believed to be destructive malware rather than true ransomware. Security experts believe that the primary purpose of the virus is to cause widespread disruption, as there were no clear instructions about where to send payment. The attack hit the day before Constitution Day in Ukraine, and 60% of the infected machines were in the country. But four of the other companies that were hit and lost swathes of data – FedEx, Merck, Cadbury and AP Moller-Maersk – are worth a combined $130 billion.

The revelation that the primary aim was to cause mayhem is hardly surprising, as governments have engaged in cyber-warfare in the past. North Korea displayed its hacking capabilities by leaking Sony’s emails back in 2015, and the US is still getting to grips with Russian interference in the 2016 presidential election.
