ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    NotPetya Might Have Not Have Been an NSA Leak

    News
    nsa malware security
    6
    6
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • mlnewsM
      mlnews
      last edited by

      Forensics on the NetPetya releases might point to the malware coming from before the Shadow Broker release of the malware. Does this mean that the NSA has been compromised more than we think? Does it mean that the NSA is the attacker in these instances?

      Emad RE 1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403
        last edited by

        Well the goal wasn't for the money, it appears it was to destroy files.

        The wallet was tied to an email account, which the provider locked access too it. So while it's possible whoever created this just wanted to watch the world burn. It could've easily been a US cover up.

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @DustinB3403
          last edited by

          @DustinB3403 said in NotPetya Might Have Not Have Been an NSA Leak:

          Well the goal wasn't for the money, it appears it was to destroy files.

          The wallet was tied to an email account, which the provider locked access too it. So while it's possible whoever created this just wanted to watch the world burn.

          Sounds like the NSA to me.

          1 Reply Last reply Reply Quote 0
          • Reid CooperR
            Reid Cooper
            last edited by

            Of course, of course it was from another leak. Geesh.

            1 Reply Last reply Reply Quote 0
            • Emad RE
              Emad R @mlnews
              last edited by

              @mlnews

              More resources:

              "Although the worm is camouflaged to look like the infamous Petya ransomware, it has an extremely poor payment pipeline. There is a single hardcoded BTC wallet and the instructions require sending an email with a large amount of complex strings (something that a novice computer victim is unlikely to get right.) If this well engineered and highly crafted worm was meant to generate revenue, this payment pipeline was possibly the worst of all options (short of "send a personal cheque to: Petya Payments, PO Box …"). The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of "ransomware."

              https://www.techpowerup.com/234772/petya-notpetya-the-ransomware-that-wasnt-actually-looking-to-ransom-anything

              1 Reply Last reply Reply Quote 1
              • stusS
                stus Vendor
                last edited by

                After monitoring this new outbreak for 24 hours, I came to the conclusion we were dealing with cyber warfare, and not ransomware. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

                NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past. Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

                Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

                You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:

                • It never bothers to generate a valid infection ID
                • The Master File Table gets overwritten and is not recoverable
                • The author of the original Petya also made it clear NotPetya was not his work

                This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

                Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."

                Cybersecurity has moved from tech to a CEO and Board-level business issue

                You did not sign up for this, but today it is abundantly clear that as an IT pro you are have just found yourself on the front line of 21-st century cyber war. Cybersecurity has moved from tech to a CEO and Board-level business issue. I strongly suggest you have another look at your defense-in-depth, and make sure to:

                Have weapons-grade backups
                Religiously patch
                Step users through new-school security awareness training.

                1 Reply Last reply Reply Quote 4
                • 1 / 1
                • First post
                  Last post