Petya GDATA Ransomware

The UK government is laying the blame for last June’s NotPetya malware attack firmly on the doorstep of Russia. Authorities in the United Kingdom have directly accused the Russian government of involvement in the costly and disruptive attack.

Originally believed to be ransomware, NotPetya was actually an unusual piece of malware. It did not request any payment to stop attacking a machine. Microsoft said the Nyetya spread started with a legitimate MEDoc process. MEDoc is tax accounting software developed by the Ukraine-based company M.E.Doc.

However, it was later found that the origin was malicious. Microsoft described the malware as unique because of its multiple lateral movement techniques. This means it could spread across a network when only a single machine is infected. Similar to WannaCry, “Petya” used SMB vulnerabilities, while also using credential-dumping techniques. This means it can target passwords across machines.

Now the UK is naming Russia as the culprit for the attack.

“The UK Government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017,” Foreign Office minister for Cyber Security, Tariq Ahmad, said in a statement.

“The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe, costing hundreds of millions of pounds.”

Blaming Russia

In an announcement today, the National Cyber Security Centre (NCSC) said the malware was pretending to be ransomware. Additionally, the Russian government was “almost certainly responsible,” the NCSC said.

Foreign Office Minister of State with responsibility for Cyber, Lord (Tariq) Ahmad of Wimbledon, said:

“The UK Government judges that the Russian Government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack of June 2017.

“The attack showed a continued disregard for Ukrainian sovereignty. Its reckless release disrupted organisations across Europe costing hundreds of millions of pounds.

“The Kremlin has positioned Russia in direct opposition to the West: it doesn’t have to be that way. We call upon Russia to be the responsible member of the international community it claims to be rather than secretly trying to undermine it.

“The United Kingdom is identifying, pursuing and responding to malicious cyber activity regardless of where it originates, imposing costs on those who would seek to do us harm.