Petya Cyber Attack Likely Done by ‘State Sponsor’

The recent Petya cyber attack targeted Ukraine’s major infrastructure systems and networks. Experts believe state-sponsored actors carried out the hack.

Instances of ransomware attacks are only increasing. It seems like every week recently, news breaks of a new cyber attack, and each one has more serious ramifications than its predecessors.

In many such attacks, either the hackers themselves or cybersecurity experts manage to trace the origin of the hack.

Even when an attack involves a ransom demand to decrypt the data the hackers have locked, payment is mostly requested in Bitcoin, which is difficult to trace back.

The Bitcoins are not transacted through normal banking channels.

But the latest cyber attack, more commonly called the Petya attack, appears to be of a different genre altogether.

There have been instances before of hacking cases where a country’s government entities would be deliberately broken into, and a message would usually lead the victims to believe the attack was orchestrated by an enemy country.

But here, by the very nature of the hit, many are speculating that this cyber attack might have been carried out either directly by state actors, or by third-party hackers that are sponsored by a state.

The Reasoning behind the Accusation

Analysts appear to have a solid rationale for determining the Petya attack was the handiwork of a state-sponsored hacking group.

The main reason is the way in which the attack was mounted, targeting Ukraine more than other victim countries.

Reports indicate that Ukraine owns around one-third of the systems directly affected by the Petya ransomware attack.

Considering the attack touched close to 60 or more nations, the concentration of such a high percentage of systems in one country raises questions about the hackers’ intentions.

This is further reinforced by the fact that the cyber attack targeted networks that are crucial to Ukraine’s important infrastructure.

An airport in capital city Kiev, top energy firms’ systems, the central bank and major transport companies bore the brunt of the cyber attack.

The Chernobyl nuclear power plant had to resort to manually checking for radiation leaks.

All of these were undoubtedly aimed at crippling Ukraine and bringing the country to a virtual halt.

Disproportionate Ransom Demand

Doubts are being raised over the way in which those who mounted this massive cyber attack behaved when it came to their ransom demand.

They raised a demand for a meager $10,000 for decrypting. Interestingly, the software meant to decrypt the data also did not function.

These clues further lead experts to the conclusion that the real intention behind this cyber attack was quite different from what it appeared.

Ukraine Has Been Targeted Before

The ongoing political tussle between Russia and Ukraine is well known, and Ukraine has been a victim of hacking from Russian entities in previous cases.

However, this is perhaps one of the most severe attacks. Since infrastructure services were targeted, the intensity of this particular cyber attack definitely leaves little doubt that it must have been executed at the behest of Russia.

NATO Steps In

NATO, the multi-national umbrella security organization, has taken note of this cyber attack in many of its member countries, particularly Ukraine.

The cyber defense body attached to NATO has come out with a clear statement that the attack was either directly mounted by state actors or by those sponsored by a state.

Obviously, the statement did not name Russia, but that’s how it always goes.

The analysis put forward here quoted experts noting that the cost of mounting such a massive cyber attack would have been heavy, and the first demand for ransom would be sufficient to compensate even that.

Moreover, experts draw attention to the fact that the malware used in this cyber attack makes an attempt to overwrite the master boot record of the systems it infects, apart from encrypting the data.

This also confirms, if anyone still had doubts, that the Petya attack’s only intention was to cause severe damage to Ukraine, without much profit in doing so.

NATO has gone on to call this a violation of Ukraine’s sovereignty and to say that countermeasures have to be mounted in retaliation.

These actions haven’t been defined, but the coming weeks may reveal if the international community can actually do something to stop such daring acts of sabotage.
