NotPetya is a destructive disk wiper similar to Shamoon, which has been targeting Saudi Arabia in the recent past. Note that whereas Shamoon actually deleted files, NotPetya goes about it slightly differently: it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.
Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.
You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:
- It never bothers to generate a valid infection ID
- The Master File Table gets overwritten and is not recoverable
- The author of the original Petya also made it clear NotPetya was not his work
This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.
Catalin Cimpanu, the Security News Editor for Bleepingcomputer, stated:
"The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."
Cybersecurity has moved from Tech to a CEO and Board-level business issue
You did not sign up for this, but today it is abundantly clear that as an IT pro you have just found yourself on the front line of 21st-century cyber war. Cybersecurity has moved from Tech to a CEO and Board-level business issue.
I strongly suggest you have another look at your defense-in-depth, and make sure to:
- Have weapons-grade backups
- Religiously patch
- Step users through new-school security awareness training