GRI Current Events Blog

NotPetya Cyberattack spreads globally and wreaks havoc on commerce

GRI Research Assistant

Jul. 1, 2017

On June 27, companies around the world began reporting that their computer systems had been breached by a ransomware attack known as the NotPetya virus. The virus works by locking down the hard drives of infected computers and demanding a $300 ransom in Bitcoins, an electronic currency that allows for anonymous transactions. About 12,500 machines running older versions of Windows in Ukraine were initially targeted, but the malware quickly spread to infect companies in over 64 countries. At least 45 people have paid to have their computers unlocked. The organizations and systems that have been hit range from large international businesses, including Russian energy company Rosneft and Danish shipping company Maersk, to the metro system in Kiev and the monitoring system of Chernobyl’s nuclear power plant. The impact on Maersk, which handles one in seven containers worldwide, has been especially severe, with ports in Mumbai, Rotterdam, and LA experiencing disruptions; the company has also been unable to process orders, and its 76 terminals are experiencing increasing congestion.

Maersk container ship at Gothenburg Port (Wikimedia/Marcusroos)

The NotPetya ransomware attack has been reported at a broad range of companies throughout Europe, Asia, and the United States. It appears that the attack is designed to target the computer systems of companies and organizations rather than individual users. The top three sectors attacked were: Finance – 30% of attacks, Oil & Gas – slightly more than 25%, and manufacturing – slightly less than 25%. These attacks pose a large threat to critical infrastructure and industrial companies because they can undermine process controls and automation systems, and potentially place lives at risk. About 60% of attacks are estimated to have occurred in Ukraine, and 30% of attacks have occurred in Russia. As seen in the Maersk breach, the virus has demonstrated the potential to delay shipments, causing economic damage and logistical nightmares for supply chain systems.

Security experts suspect that this is a new variant of the previously known Petya ransomware, spread using the “EternalBlue” Windows vulnerability that was discovered and used as a hacking tool by the NSA, prior to being leaked to the public. The malware is thought to have originated with the Ukrainian tax-filing software MEDoc, whose update system was compromised to download and run malware instead of the actual update. Kaspersky researchers refer to it as “NotPetya.” Malware experts have reached a consensus that NotPetya is a “wiper” designed to inflict permanent damage, as opposed to traditional ransomware designed to extract profit; users who paid were unable to recover their files. Matthieu Suiche, founder of Comae Technologies, argues that the ransomware guise was an attempt to control the media narrative behind the attack, and redirect attention toward hacking groups and away from potential nation states.


