CIA Concludes Russia was behind NotPetya

This week it was reported that the CIA has concluded that Russia was behind the NotPetya attacks that hit in June 2017. The initial access vector is often described as a "watering hole": compromising a website the attackers know their targets will be visiting. In NotPetya's case the label is only loosely accurate, because what was compromised was not a page the victims browsed but the update channel of software they had installed, which makes it a software supply-chain attack.

In the case of NotPetya the compromised site was the update server for a Ukrainian tax and accounting software package, so the malware arrived on victims' machines as an apparently legitimate software update. Once deployed it presented itself as ransomware. But unlike WannaCry, NotPetya's encryption was never designed to be reversed: the ransom note offered no workable way to recover the data, and the disk structures it overwrote left the infected system unrecoverable even if the ransom was paid. This means the attackers were not after money. It was a disruptive, destructive attack that could potentially have erased a large amount of sensitive data.

Tension between Russia and Ukraine has been rising, and given that Russia has stepped up its aggression in recent months, it comes as no surprise that it has begun launching cyber attacks on this scale.



Why WannaCry Killed Ransomware

When WannaCry hit, the effect it had on such a wide range of individuals was almost unprecedented, and the aftermath has had a detrimental effect on future ransomware.

An attack on this scale not only brought a huge amount of media attention, but unlike many other malware outbreaks WannaCry became a household name. It was not just affecting ATMs and the NHS; other companies were forced to send staff home because they were unable to operate due to the infection.

Although the total amount paid to the attackers is still unclear, it is far less than an outbreak of that size might have yielded. Thanks to the speedy response of security researchers, notably the registration of the malware's kill-switch domain that halted further spread, many users who would otherwise have been affected never had to face the hefty ransom. Unfortunately for any would-be cyber criminals, WannaCry appears to have killed ransomware as a viable method of attack.

Because of the publicity WannaCry received, people were made aware of these types of attacks, and security vendors such as Bitdefender soon added anti-ransomware features to their products. Such a feature stops applications that have not been explicitly trusted from modifying files in protected locations, such as the user's document folders, so an unknown process cannot silently encrypt them.

I personally feel that if WannaCry had not affected so many people across the globe, ransomware would still be a relatively effective method of cyber-crime. But people's awareness has grown and security vendors have taken action. There are numerous sites on the internet offering guides on how to 'defend' against a ransomware attack, and the most common tip is to make regular backups. This method relies on the backup itself remaining unaffected by the malware, which in practice means keeping it offline or otherwise out of reach of an infected machine, since ransomware routinely encrypts any mapped drive or attached disk it can write to. If that holds, the user can restore their system and avoid paying the fee.

Another solution that I have seen online is to use cloud-based services such as OneDrive and Google Drive. The caveat is that a sync client will upload the encrypted versions of files just as faithfully as it uploaded the originals, so a plain mirror of your data is no safer than a local copy. What makes these services useful against ransomware is their version history, which lets you roll each file back to the copy that existed before the encryption started.

Granted, the solutions mentioned are not the best option for a larger organisation: a cloud-based service could be unviable depending on the size of the organisation, and maintaining a complete backup of every system within a large business is, again, not the easiest thing to achieve.
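To make the backup point concrete, here is an added example written for this page; it is not code from the original post or from any of the vendors mentioned. It simulates two backup targets: a plain mirror, where the newest copy of a file overwrites the previous one, and a versioned store that keeps every distinct upload. A stand-in "ransomware" routine (a SHA-256 keystream XOR, constructed for the demo and not real file encryption) overwrites a sample document whose path, contents and key are all made up. After the sync client uploads the encrypted file, the mirror can only hand back the encrypted copy, while the versioned store can roll back to the last version that does not look encrypted, using a byte-entropy heuristic.

```python
"""Why a versioned backup survives ransomware and a plain mirror does not.

Illustrative code added to this page; the file, its contents and the key are
constructed for the demo. The 'ransomware' is a deterministic stand-in, not
real encryption, but its effect on a backup is the same as the real thing:
the newest copy of every file becomes useless.
"""
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text sits around 4-5, encrypted data near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


@dataclass
class MirrorBackup:
    """A plain sync target: the newest upload replaces the previous copy."""
    files: dict = field(default_factory=dict)          # path -> bytes

    def sync(self, path: str, data: bytes) -> None:
        self.files[path] = data

    def restore(self, path: str) -> bytes:
        return self.files[path]


@dataclass
class VersionedBackup:
    """Content-addressed store with per-file history: nothing is overwritten."""
    blobs: dict = field(default_factory=dict)          # sha256 hex -> bytes
    history: dict = field(default_factory=dict)        # path -> [sha256 hex, ...]

    def sync(self, path: str, data: bytes) -> None:
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)
        versions = self.history.setdefault(path, [])
        if not versions or versions[-1] != digest:     # record only real changes
            versions.append(digest)

    def restore(self, path: str, version: int = -1) -> bytes:
        """Default is the newest version, which after an attack is the encrypted one."""
        return self.blobs[self.history[path][version]]

    def restore_last_plausible(self, path: str, max_entropy: float = 7.0) -> bytes:
        """Newest version that does not look encrypted. Heuristic only: genuinely
        high-entropy files (archives, images) would be skipped, so in practice you
        would choose the restore point by timestamp instead."""
        for digest in reversed(self.history[path]):
            data = self.blobs[digest]
            if shannon_entropy(data) <= max_entropy:
                return data
        raise LookupError(f"no unencrypted version of {path} in history")


def fake_ransomware(data: bytes, key: bytes) -> bytes:
    """Stand-in for file encryption: XOR with a SHA-256 counter-mode keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def simulate() -> dict:
    """Run the scenario and report what each backup strategy can recover."""
    path = "Documents/accounts.txt"                    # constructed sample file
    original = b"Invoice 2017-06: 1,250 GBP paid. Invoice 2017-07: pending.\n" * 40
    mirror, versioned = MirrorBackup(), VersionedBackup()
    mirror.sync(path, original)                        # normal day: clean copy synced
    versioned.sync(path, original)

    encrypted = fake_ransomware(original, b"constructed-demo-key")
    mirror.sync(path, encrypted)                       # infection: the sync client
    versioned.sync(path, encrypted)                    # uploads the encrypted file too

    return {
        "mirror_restored_original": mirror.restore(path) == original,
        "versioned_latest_is_encrypted": versioned.restore(path) == encrypted,
        "versioned_restored_original": versioned.restore_last_plausible(path) == original,
        "plain_entropy": shannon_entropy(original),
        "encrypted_entropy": shannon_entropy(encrypted),
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The mirror ends up holding only the encrypted copy, exactly what a default sync folder gives you; the versioned store still has the clean copy one step back in history. Real services expose that rollback through their version-history or file-restore features, and an offline backup achieves the same thing by never seeing the encrypted upload at all.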

While there may be future ransomware attacks, hopefully the numbers affected will be significantly lower than with WannaCry. My hope is that, with the increased publicity around ransomware, individuals and organisations have taken the steps and precautions needed to protect themselves and their systems from attacks of this nature.

UK Government Confirms WannaCry Speculation

Last week reports emerged of the UK government confirming its suspicion that WannaCry was a state-sponsored attack involving North Korea.

Earlier this year, just after WannaCry came to prominence, I wrote an article, What is WannaCry, in which I speculated that, given the nature and style of the attack, it did not appear to follow the traditional ransomware pattern. What I mean by this is that from the outset WannaCry was targeting and affecting core infrastructure as well as the public sector in the UK, so it became more of a disruption than an extortion. As a rule, ransomware operators aim to make the process of paying and decrypting the data as smooth and straightforward for victims as possible, because they are after one thing: money. Mozilla looked into this as part of its Online Life is Real Life podcast series and, from its investigation, went as far as rating ransomware gangs' customer service. This highlights that the ransom process cannot be too complicated, as that would reduce and limit the attackers' overall ability to collect the ransom.

Numerous articles floating around the web indicate that WannaCry made somewhere between $20,000 and $100,000. For an attack of this level, one that impacted hundreds of thousands of people, it was a very poor take.

But the level of chaos and "denial of service" that WannaCry caused indicated to me that there was more to it than just the money. I am aware that in the traditional sense a denial of service (DoS), or a distributed denial of service (DDoS), targets web services by flooding them with traffic. But in this case WannaCry affected ATMs as well as computers within hospitals, effectively denying service to them.

Of course, North Korea released a statement to the effect that it had no involvement and that these accusations are nothing but wild speculation. But it is important to consider that this "speculation" was circulating from the very beginning of WannaCry and was voiced by a number of security research teams that analysed the malware. On top of that, the UK government would not make these accusations without a substantial level of evidence.

North Korea has in the past been accused of other attacks, most notably the 2014 attack on Sony Pictures, which was alleged to have been a response to the upcoming release of the movie The Interview.

Please let me know your views on North Korea's involvement in WannaCry in the comments below.