Those responsible for the latest cyberattack may face criminal charges.
The Petya ransomware attack spread across Europe over the course of the past week and came in several strains, including NotPetya and Petrwrap. Calling the secondary strains ransomware might have been a misnomer, though, as most reports indicate there is no mechanism for retrieving lost files, even if the hacker who received your payment was willing to do so.
A family affair?
Further investigations have traced the NotPetya ransomware back to a family-owned accounting software firm in Ukraine. MeDoc issued updates to its software, but the updates contained NotPetya, potentially infecting businesses both within Ukraine and in other countries. In an interesting “we’re not playing around” move, the executives at MeDoc may face criminal charges rather than just the typical US response of monetary damages; reportedly, MeDoc had already been informed by multiple IT and anti-virus sources that its security protocols were nowhere close to adequate, but had not taken corrective action.
Same flaw, different attack
Interestingly, Petya et al. are believed to have exploited the very same flaw that made WannaCry possible, one that was discovered by the US government’s National Security Administration. The NSA then chose to keep that discovery to itself in order to take full advantage, using it to hack into systems it wanted to monitor. (Thanks for that, guys… no really, thanks a lot.)
Sounds familiar
This is far from the first time a third party is believed to be responsible for a highly detrimental and widespread attack. The practice of exploiting a smaller fish to get to numerous and bigger fish is hardly new, as the Target retail chain discovered back in 2013. In that infamous, multimillion-dollar data breach, in which the credit card credentials of millions of customers were stolen, the HVAC company that serviced Target’s air conditioners and refrigeration units in one region of the US was infected. The virus worked its way through the unsecured, unprotected network until it gained access to the POS system for Target.