Ukraine’s computer infrastructure was the likely target of a virus that swept across the globe this week putting a halt on businesses, factories, offices and ports in 60 countries.
Just as the WannaCry ransom attackers in May demanded money for the code to unlock their computers, the new virus labelled ‘NotPetya’ used malicious code to demand victims pay a $300 ransom. Thousands of computers were crippled by what is thought to be a worm.
According to a Reuters report, nobody is sure where the new virus or worm originated, but some politicians in Ukraine blamed Russia for the attack, however, Russia quickly denied it. Some cyber security researchers say the Kremlin’s two flagship energy companies were victims, so perhaps Moscow was not the culprit.
In response to the virus attack, the Australian Government’s Cyber Intelligence Agency has been given the power to shut down foreign criminal networks.
Australian Broadcasting Corporation (ABC) news reported that the Australian Signals Directorate has been directed to expand its cyber warfare operations from military matters to “disrupt, degrade, deny and deter” criminal syndicates creating computer viruses offshore. The new powers allow the Directorate to target the instigators of the new malicious NotPetya virus.
In a statement on Friday (June 30 2017), Australian Prime Minister Malcolm Turnbull said his government’s response to criminal cyber threats ‘should not just be defensive’.
“We must take the fight to the criminals,” he said.
Mr Turnbull said his government would target criminals ‘wherever they sought to hurt Australians’, but he said the public, including businesses, also had a role to play presumably by protecting their computers from attack using the latest patches and virus removal software.
He also said industry needed to work with governments to harden their computer’s defences, even though it was ‘inconvenient, frustrating and expensive’ to install computer virus protection software.
Technically, the NotPetya virus seemed more targeted than WannaCry. When the WannaCry virus first attacked computers it randomly scanned the global internet for vulnerable machines. By contrast, NotPetya doesn’t do this, instead it only spreads itself inside networks, exploiting a variety of legitimate network admin tools. This makes it far harder for computer virus protection software or network security technicians to detect it. This also allows it to infect other Windows computers, what’s more, it includes even those with the very latest patches.
A New York Times report on the latest ransomware attack says in the Ukraine capital Kiev, automatic teller machines stopped working and about 128 kilometers away workers had to manually monitor radiation at the old Chernobyl nuclear plant when computers failed.
Help desks and technical support workers were flooded with calls for help, and IT tech managers at large and small companies around the globe struggled to respond. Even in Tasmania, the giant Cadbury chocolate factory was attacked.
Reuters reported that a top Ukrainian police official said the NotPetya extortion demands were probably a ‘smokescreen’ or, as cyber experts concluded, a ‘wiper’ disguised as computer ransomware, used for destroying computer data and wiping hard disks.
It was likely that the new virus, which was modified to encrypt all data and make decryption impossible, was meant to install new malware, according to the Reuters report.
A worrying scenario by ISSP chairman Oleg Derevianko reported by Reuters was, that it was likely that during this virus attack new attacks were set up.
Ukraine’s National Security and Defence Council Secretary Oleksandr Turchynov believed the virus was spread via an update from accounting services and business management software.