Contact
QR code for the current URL

Story Box-ID: 860509

IBM Deutschland GmbH Schönaicher Str. 220 71032 Böblingen, Germany http://www.de.ibm.com
Contact Mr Hans-Juergen Rehm +49 7034 151887
Company logo of IBM Deutschland GmbH

Investigations Reveal Hidden Intent Behind "Petya" Malware Outbreak

(PresseBox) (Ehningen, )
Deeper analysis of the global cyber attacks this week has led IBM security analysts to conclude that these attacks were intended as destructive attacks against Ukraine – the ransomware component appears to have been a way for hackers to hide the true intent of the attack, rather than to make money from ransom payouts.

IBM X-Force IRIS has outlined the evidence behind this analysis in a security intelligence blog here:  https://securityintelligence.com/a-wiper-in-ransomware-clothing-global-attacks-intended-for-destruction-versus-financial-gain/

In brief:  
  
  • Evidence shows this attack was designed to permanently disable as many machines as possible rather than for financial gain:
  • The information provided in the “ransomware” is not accurate or relevant to unlocking any affected machine - it is incapable of relaying the information the attacker would need to provide the correct decryption key
  • The design of the attack suggests that it was carried out by a technically skilled group of cybercriminals, yet the “ransomware” components showed little to no expertise or intent to produce financial gains. Despite the global spread of the malware, IBM Security researchers also believe that this attack was specifically targeted at Ukraine
  • The compromised websites and software used to initiate the infection were clearly aimed at Ukrainian users – including tax software used specifically for organizations doing business in Ukraine, as well as planting malicious code within Ukrainian specific website.
  • In fact, “patient zero” (the initially infected machine) in all of the impacted organizations IBM has analyzed has been based in the Ukraine
Please let me know if you'd like to speak with an expert from IBM Security about these attacks.

New Blog Postfrom Mike Oppenheim, Global Research Lead, IBM X-Force IRIS (June 29 at 5pm ET, New York time) https://securityintelligence.com/a-wiper-in-ransomware-clothing-global-attacks-intended-for-destruction-versus-financial-gain/

Original Blog from June 27 and June 28 recapping Petya variant attacks from Diana Kelley, Global Executive Security Advisor, IBM Security
Link: https://securityintelligence.com/petya-werent-expecting-this-ransomware-takes-systems-hostage-across-the-globe/

Website Promotion

Website Promotion
The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.
Important note:

Systematic data storage as well as the use of even parts of this database are only permitted with the written consent of unn | UNITED NEWS NETWORK GmbH.

unn | UNITED NEWS NETWORK GmbH 2002–2024, All rights reserved

The publisher indicated in each case (see company info by clicking on image/title or company info in the right-hand column) is solely responsible for the stories above, the event or job offer shown and for the image and audio material displayed. As a rule, the publisher is also the author of the texts and the attached image, audio and information material. The use of information published here is generally free of charge for personal information and editorial processing. Please clarify any copyright issues with the stated publisher before further use. In case of publication, please send a specimen copy to service@pressebox.de.