Code in huge ransomware attack written to avoid computers that use Russian, says new report

Family unit of encrypting ransomware discovered in 2016

Petya

ASCII art of a skull and crossbones is displayed every bit part of the payload on the original version of Petya.[1]

Aliases GoldenEye
NotPetya
Nomenclature Trojan horse
Type Malware
Subtype Cryptovirus
Operating organization(s) afflicted Windows

Petya
is a family unit of encrypting malware that was offset discovered in 2016.[2]
The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a difficult drive’due south file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Variants of Petya were first seen in March 2016, which propagated via infected e-mail attachments. In June 2017, a new variant of Petya was used for a global cyberattack, primarily targeting Ukraine. The new variant propagates via the EternalBlue exploit, which is more often than not believed to have been developed by the U.South. National Security Bureau (NSA), and was used earlier in the year by the WannaCry ransomware. Kaspersky Lab referred to this new version as
NotPetya
to distinguish information technology from the 2016 variants, due to these differences in operation. In addition, although information technology purports to exist ransomware, this variant was modified so that it is unable to actually revert its own changes. The NotPetya attacks accept been blamed on the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organisation, past security researchers, Google, and several governments.[2]
[iii]
[4]
[five]

History

[edit]

Petya was discovered in March 2016;[half dozen]
Check Signal noted that while it had achieved fewer infections than other ransomware active in early 2016, such every bit CryptoWall, it independent notable differences in operation that caused it to exist “immediately flagged as the next step in ransomware evolution”.[1]
Another variant of Petya discovered in May 2016 contained a secondary payload used if the malware cannot achieve administrator-level admission.[6]

The name “Petya” is a reference to the 1995
James Bond
film
GoldenEye, wherein
Petya
is one of the two Soviet weapon satellites which deport a “Goldeneye”—an diminutive flop detonated in low Earth orbit to produce an electromagnetic pulse. A Twitter business relationship that
Heise
suggested may take belonged to the writer of the malware, named “Janus Cybercrime Solutions” afterward Alec Trevelyan’s crime group in
GoldenEye, had an avatar with an image of
GoldenEye
grapheme Boris Grishenko, a Russian hacker and antagonist in the moving picture played by Scottish actor Alan Cumming.[7]

On xxx August 2018, a regional court in Nikopol in the Dnipropetrovsk Oblast of Ukraine convicted an unnamed Ukrainian denizen to one year in prison house afterward pleading guilty to having spread a version of Petya online.[eight]
[9]
[10]

2017 cyberattack

[edit]

NotPetya’s ransom note displayed on a compromised system

On 27 June 2017, a major global cyberattack began (Ukrainian companies were amid the first to state they were being attacked[11]), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in French republic, Germany, Italian republic, Poland, the Great britain, and the U.s., but that the majority of infections targeted Russia and Ukraine, where more than than 80 companies were initially attacked, including the National Bank of Ukraine.[11]
[12]
ESET estimated on 28 June 2017 that lxxx% of all infections were in Ukraine, with Frg second hardest striking with near 9%.[13]
Russian president Vladimir Putin’s press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia.[xiii]
Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day.[14]
[15]

Kaspersky dubbed this variant “NotPetya”, as it has major differences in its operations in comparison to before variants.[11]
McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that information technology had been targeting “complete energy companies, the power filigree, bus stations, gas stations, the aerodrome, and banks”.[eleven]
[xvi]

It was believed that the software update mechanism of M.E.Doc [britain]—a Ukrainian taxation grooming program that, co-ordinate to F-Secure annotator Mikko Hyppönen, “appears to be de facto” amidst companies doing business in the country—had been compromised to spread the malware.[13]
[17]
[18]
Analysis by ESET establish that a backdoor had been nowadays in the update arrangement for at least vi weeks prior to the attack, describing it as a “thoroughly well-planned and well-executed operation”.[xix]
The developers of K.East.Doc denied that they were entirely responsible for the cyberattack, stating that they too were victims.[17]
[20]
[21]
[22]

On 4 July 2017, Ukraine’south cybercrime unit seized the company’southward servers afterwards detecting “new activity” that it believed would result in “uncontrolled proliferation” of malware. Ukraine police brash M.E.Doc users to stop using the software, as it presumed that the backdoor was nevertheless nowadays.[19]
[23]
Analysis of the seized servers showed that software updates had non been applied since 2013, there was evidence of Russian presence, and an employee’s account on the servers had been compromised; the head of the units warned that M.Due east.Doc could be institute criminally responsible for enabling the assail because of its negligence in maintaining the security of their servers.[19]
[22]
[24]

Popular:   DXRacer Craft Custom Gaming Chair review

Functioning

[edit]

Petya’s payload infects the computer’s master boot record (MBR), overwrites the Windows bootloader, and triggers a restart. Upon startup, the payload encrypts the Master File Table of the NTFS file arrangement, and and then displays the bribe bulletin demanding a payment made in Bitcoin.[6]
[25]
[26]
Meanwhile, the computer’southward screen displays text purportedly output by chkdsk, Windows’ file system scanner, suggesting that the hard drive’s sectors are beingness repaired.[1]

The original payload required the user to grant it administrative privileges; ane variant of Petya was bundled with a second payload, Mischa, which activated if Petya failed to install. Mischa is a more conventional ransomware payload that encrypts user documents, every bit well as executable files, and does not require authoritative privileges to execute.[vi]
The earlier versions of Petya disguised their payload as a PDF file, attached to an e-mail.[6]
United states Estimator Emergency Response Team (US-CERT) and National Cybersecurity and Communications Integration Center (NCCIC) released Malware Initial Findings Report (MIFR) about Petya on xxx June 2017.[27]

The “NotPetya” variant used in the 2017 attack uses EternalBlue, an exploit that takes reward of a vulnerability in Windows’ Server Bulletin Block (SMB) protocol. EternalBlue is more often than not believed to have been developed by the U.S. National Security Bureau (NSA);[26]
it was leaked in Apr 2017 and was also used by WannaCry.[26]
[28]
The malware harvests passwords (using tweaked build of open-source Mimikatz[29]) and uses other techniques to spread to other computers on the same network, and uses those passwords in conjunction with PSExec to run code on other local computers.[thirty]
[31]
[32]
Additionally, although information technology still purports to be ransomware, the encryption routine was modified so that the malware could not technically revert its changes.[33]
This characteristic, forth with other unusual signs in comparison to WannaCry (including the relatively low unlock fee of US$300, and using a single, fixed Bitcoin wallet to collect ransom payments rather than generating a unique ID for each specific infection for tracking purposes),[34]
prompted researchers to speculate that this attack was not intended to be a profit-generating venture, but to harm devices rapidly, and ride off the media attention WannaCry received past claiming to exist ransomware.[35]
[36]

Mitigation

[edit]

It was institute that information technology may be possible to stop the encryption procedure if an infected computer is immediately shut down when the fictitious chkdsk screen appears,[37]
and a security analyst proposed that creating read-only files named
perfc
and/or
perfc.dat
in the Windows installation directory could forbid the payload of the electric current strain from executing.[38]
[39]
[40]
[41]
The email accost listed on the ransom screen was suspended past its provider, Posteo, for being a violation of its terms of employ. Every bit a result, infected users could not actually send the required payment confirmation to the perpetrator.[34]
[42]
Additionally, if the computer’south filesystem was Fatty based, the MFT encryption sequence was skipped, and only the ransomware’s message was displayed, allowing data to exist recovered trivially.[43]

Microsoft had already released patches for supported versions of Windows in March 2017 to address the EternalBlue vulnerability. This was followed by patches for unsupported versions of Windows (such as Windows XP) in May 2017, in the direct wake of WannaCry.[44]
[45]
Wired
believed that “based on the extent of impairment Petya has caused and then far, though, information technology appears that many companies accept put off patching, despite the clear and potentially devastating threat of a similar ransomware spread.”[46]
Some enterprises may consider it besides disruptive to install updates on certain systems, either due to possible reanimation or compatibility concerns, which can be problematic in some environments.[44]

Impact

[edit]

In a report published by
Wired, a White Business firm assessment pegged the total damages brought about by NotPetya to more than $10 billion. This was confirmed by former Homeland Security advisor Tom Bossert, who at the time of the attack was the almost senior cybersecurity focused official in the US government.[47]

During the attack initiated on 27 June 2017, the radiation monitoring system at Ukraine’s Chernobyl Nuclear Ability Establish went offline.[48]
Several Ukrainian ministries, banks and metro systems were also afflicted.[49]
It is said to have been the most destructive cyberattack ever.[50]

Among those affected elsewhere included British advertising company WPP,[49]
Maersk Line,[51]
American pharmaceutical company Merck & Co., Russian oil visitor Rosneft (its oil production was unaffected[52]), multinational police force firm DLA Piper,[49]
French construction company Saint-Gobain and its retail and subsidiary outlets in Republic of estonia,[53]
British consumer appurtenances company Reckitt Benckiser,[54]
German personal intendance company Beiersdorf, German logistics company DHL,[55]
United States food company Mondelez International, and American hospital operator Heritage Valley Wellness System.[11]
[56]
The Cadbury’southward Chocolate Manufacturing plant in Hobart, Tasmania, is the first company in Commonwealth of australia to be affected by Petya.[57]
On 28 June 2017, JNPT, Republic of india’south largest container port, had reportedly been afflicted, with all operations coming to a standstill.[58]
Princeton Customs Hospital in rural West Virginia will scrap and replace its entire computer network on its path to recovery.[59]

Popular:   Dutch athletes warned to keep phones and laptops out of China -media

The business break to Maersk, the world’s largest container ship and supply vessel operator, was estimated between $200m and $300m in lost revenues.[sixty]

The business concern impact on FedEx is estimated to be $400m in 2018, co-ordinate to the company’s 2019 annual report.[61]

Jens Stoltenberg, NATO Secretary-Full general, pressed the alliance to strengthen its cyber defenses, saying that a cyberattack could trigger the Article five principle of collective defense.[62]
[63]

Mondelez International’s insurance carrier, Zurich American Insurance Company, has refused to pay out a claim for cleaning upwards damage from a Notpetya infection, on the grounds that Notpetya is an “human action of state of war” that is not covered past the policy. Mondelez is suing Zurich American for $100 million.[64]

Reaction

[edit]

Europol said it was enlightened of and urgently responding to reports of a cyber attack in member states of the European Union.[12]
The United States Section of Homeland Security was involved and analogous with its international and local partners.[51]
In a alphabetic character to the NSA,[65]
Democratic Congressman Ted Lieu asked the bureau to collaborate more actively with technology companies to notify them of software vulnerabilities and help them prevent future attacks based on malware created by the NSA.[32]
[66]
On 15 February 2018, the Trump administration blamed Russia for the attack and warned that there would be “international consequences”.[67]
The U.k. and the Australian regime also issued similar statements.[68]

In Oct 2020 the DOJ named farther GRU officers in an indictment.[69]
At the same time, the U.k. government blamed GRU’s Sandworm also for attacks on the 2020 Summer Games.[70]

Other notable low-level malware

[edit]

  • CIH (1998)
  • Stuxnet (2010)
  • WannaCry (2017)

See also

[edit]

References

[edit]

  1. ^


    a




    b




    c




    “Decrypting the Petya Ransomware”.
    Check Point Blog. 11 April 2016. Retrieved
    27 June
    2017
    .


  2. ^


    a




    b




    Greenberg, Andy (22 Baronial 2018). “The Untold Story of NotPetya, the Almost Devastating Cyberattack in History”.
    Wired
    . Retrieved
    27 August
    2018
    .



  3. ^


    Greerberg, Andy (21 November 2019). “Russia’s ‘Sandworm’ Hackers Also Targeted Android Phones”.
    Wired. ISSN 1059-1028. Retrieved
    26 March
    2020
    .



  4. ^


    Kovacs, Edouard (16 Feb 2018). “U.Southward., Canada, Commonwealth of australia Aspect NotPetya Attack to Russia | SecurityWeek.Com”.
    world wide web.securityweek.com
    . Retrieved
    26 March
    2020
    .



  5. ^


    Gidwani, Toni (26 March 2020). “Identifying vulnerabilities and protecting you from phishing”.
    Google
    . Retrieved
    26 March
    2020
    .


  6. ^


    a




    b




    c




    d




    e




    Constantin, Lucian. “Petya ransomware is now double the trouble”.
    NetworkWorld
    . Retrieved
    27 June
    2017
    .



  7. ^


    Scherschel, Fabian A. (15 December 2016). “Petya, Mischa, Goldeneye: Die Erpresser sind Nerds”. Heise Online. Retrieved
    3 July
    2017
    .
    Die Virenschreiber hinter diesen Erpressungstrojanern scheinen große Fans des Films zu sein. Wahrscheinlich sind sie in den Neunzigern aufgewachsen und identifizieren sich mit Boris Grishenko, dem russischen Hacker-Genie aus dem Motion picture. Ob ein Twitter-Konto, welches genau auf dieses Profil passt, ein Bild von Boris Grishenko als Avatar nutzt und nach dem Verbrechersyndikat aus dem Moving-picture show benannt ist, von den Drahtziehern betrieben wird, konnten wir nicht bestätigen. Aber es ist immerhin denkbar.



  8. ^


    Valery Iliyeva (7 August 2017). “На Дніпропетровщині викрили чоловіка, який розповсюджував вірус “Petya.A”“.
    Dniprograd.



  9. ^


    Ivan Muracha (3 September 2018). “Регіональний “координатор” вірусу РЕТYА на Дніпропетровщині отримав один рік тюрми”.
    Dniprograd.



  10. ^


    “Оголошено вирок у справі за фактами масштабних кібератак вірусу “PETYA”“. Judiciary of Ukraine. 31 Baronial 2018. Archived from the original on seven September 2018. Retrieved
    7 September
    2018
    .


  11. ^


    a




    b




    c




    d




    e




    “Global ransomware attack causes anarchy”.
    BBC News. 27 June 2017. Retrieved
    27 June
    2017
    .


  12. ^


    a




    b




    Turner, Giles; Verbyany, Volodymyr; Kravchenko, Stepan (27 June 2017). “New Cyberattack Goes Global, Hits WPP, Rosneft, Maersk”.
    Bloomberg
    . Retrieved
    27 June
    2017
    .


  13. ^


    a




    b




    c




    “Revenue enhancement software blamed for cyber-assault spread”.
    BBC News. 28 June 2017. Retrieved
    28 June
    2017
    .



  14. ^


    “Cyberattack Hits Ukraine Then Spreads Internationally”.
    The New York Times. 27 June 2017. Retrieved
    28 June
    2017
    .



  15. ^


    Lee, David (28 June 2017). “‘Vaccine’ created for huge cyber-attack”.
    BBC News
    . Retrieved
    28 June
    2017
    .



  16. ^


    Burgess, Matt. “There’s another ‘worldwide’ ransomware set on and it’south spreading quickly”.
    Wired UK
    . Retrieved
    27 June
    2017
    .


  17. ^


    a




    b




    “Microsoft, Analysts Run into Hack Origin at Ukrainian Software Firm”. Bloomberg. 28 June 2017. Retrieved
    1 July
    2017
    .



  18. ^


    Jack Stubbs, Pavel Polityuk (3 July 2017). “Family house in Ukraine says it was not responsible for cyber attack”.
    Reuters
    . Retrieved
    5 July
    2017
    .


  19. ^


    a




    b




    c




    Hern, Alex (5 July 2017). “Hackers who targeted Ukraine clean out bitcoin bribe wallet”.
    The Guardian. ISSN 0261-3077. Retrieved
    10 July
    2017
    .



  20. ^


    “A new ransomware outbreak like to WCry is shutting down computers worldwide”.
    Ars Technica
    . Retrieved
    1 July
    2017
    .



  21. ^


    Frenkel, Sheera (27 June 2017). “Global Ransomware Attack: What We Know and Don’t Know”.
    The New York Times
    . Retrieved
    28 June
    2017
    .


  22. ^


    a




    b




    “Ukrainian software company will face charges over cyber attack, police propose”. AP. 3 July 2017. Retrieved
    10 July
    2017
    .



  23. ^


    “Backdoor built in to widely used tax app seeded final calendar week’southward NotPetya outbreak”.
    Ars Technica
    . Retrieved
    10 July
    2017
    .



  24. ^


    Jack Stubbs, Matthias Williams (5 July 2017). “Ukraine scrambles to incorporate new cyber threat after ‘NotPetya’ attack”.
    Reuters
    . Retrieved
    7 July
    2017
    .



  25. ^


    “New ransomware outbreak”.
    Kaspersky Weblog. Kaspersky Lab. Retrieved
    27 June
    2017
    .


  26. ^


    a




    b




    c




    Brandom, Russell (27 June 2017). “A new ransomware attack is hitting airlines, banks and utilities beyond Europe”.
    The Verge
    . Retrieved
    27 June
    2017
    .



  27. ^


    “MIFR-10130295”
    (PDF).
    The states Estimator Emergency Response Team. 30 June 2017. Retrieved
    22 July
    2017
    .



  28. ^


    Goddin, Dan (14 Apr 2017). “NSA-leaking Shadow Brokers just dumped its most damaging release nonetheless”.
    Ars Technica. p. 1. Retrieved
    13 May
    2017
    .



  29. ^


    Iain Thomson (28 June 2017). “Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide”.
    www.theregister.co.uk. San Francisco. Retrieved
    31 July
    2019
    .



  30. ^


    “Republic of india worst striking by Petya in APAC, seventh globally: Symantec”.
    The Economical Times. 29 June 2017. Retrieved
    29 June
    2017
    .



  31. ^


    “Petya Ransomware Outbreak Originated in Ukraine via Tainted Accounting Software”. BleepingComputer. Retrieved
    29 June
    2017
    .


  32. ^


    a




    b




    Hatmaker, Taylor (28 June 2017). “In aftermath of Petya, congressman asks NSA to stop the assault if it knows how”.
    Tech crunch
    . Retrieved
    29 June
    2017
    .



  33. ^


    “Petya.2017 is a wiper non a ransomware—Comae Technologies”.
    Comae Technologies. 28 June 2017. Retrieved
    29 June
    2017
    .


  34. ^


    a




    b




    Brandom, Russell (27 June 2017). “It’s already too tardily for today’south ransomware victims to pay up and save their computers”.
    The Verge
    . Retrieved
    28 June
    2017
    .



  35. ^


    “Tuesday’s massive ransomware outbreak was, in fact, something much worse”.
    Ars Technica. 28 June 2017. Retrieved
    28 June
    2017
    .



  36. ^


    “Cyber-attack was about data and not money, say experts”.
    BBC News. 29 June 2017. Retrieved
    29 June
    2017
    .



  37. ^


    Solon, Olivia; Hern, Alex (28 June 2017). “‘Petya’ ransomware attack: what is it and how tin can it be stopped?”.
    The Guardian
    . Retrieved
    29 June
    2017
    .



  38. ^


    Cimpanu, Catalin. “Vaccine, non Killswitch, Found for Petya (NotPetya) Ransomware Outbreak”.
    Bleeping Computer.



  39. ^


    Rogers, James (28 June 2017). “Petya ransomware: Experts tout ‘vaccine’ to protect computers from crippling cyber assault”.
    Fob News
    . Retrieved
    29 June
    2017
    .



  40. ^


    McGoogan, Cara (28 June 2017). “Security researcher creates ‘vaccine’ against ransomware assault”.
    The Telegraph
    . Retrieved
    29 June
    2017
    .



  41. ^


    Lee, Dave (28 June 2017). “‘Vaccine’ created for huge cyber-attack”.
    BBC News
    . Retrieved
    29 June
    2017
    .



  42. ^


    Mikko Hypponen. “Victims keep sending money to Petya”.
    Twitter.
    No way to contact the attackers, as their electronic mail address was killed.



  43. ^


    “Analyzed: Internet Propagation and Recovery of Non-NTFS Victims”.
    Warning Logic. 26 July 2017.


  44. ^


    a




    b




    Whittaker, Zack. “Six quick facts to know about today’south global ransomware attack”.
    ZDNet
    . Retrieved
    29 June
    2017
    .



  45. ^


    Warren, Tom (13 May 2017). “Microsoft issues ‘highly unusual’ Windows XP patch to prevent massive ransomware attack”.
    The Verge. Vox Media. Retrieved
    13 May
    2017
    .



  46. ^


    Newman, Lily Hay. “A Scary New Ransomware Outbreak Uses WannaCry’due south Old Tricks”.
    Wired
    . Retrieved
    29 June
    2017
    .



  47. ^


    Greenburg, Andy (22 August 2018). “The Untold Story of NotPetya, the About Devastating Cyberattack in History”.
    Wired
    . Retrieved
    ane September
    2018
    .



  48. ^


    Griffin, Andrew (27 June 2017). “Chernobyl’south radiation monitoring system has been hitting by the worldwide cyber attack”.
    The Independent
    . Retrieved
    27 June
    2017
    .


  49. ^


    a




    b




    c




    Scott, Mark; Perlroth, Nicole (27 June 2017). “New Cyberattack Spreads in Europe, Russia and U.Southward.”
    The New York Times. ISSN 0362-4331. Retrieved
    27 June
    2017
    .



  50. ^


    “Us, UK say Russia behind ‘almost destructive’ cyberattack e’er”.

  51. ^


    a




    b




    ‘Petya’ Cyberattack Cripples Ukraine, And Experts Say It’south Spreading Globally”.
    The two way. NPR. 27 June 2017. Retrieved
    27 June
    2017
    .



  52. ^


    “Russian federation’s Rosneft says hit past cyber assault, oil production unaffected”.
    Reuters. 27 June 2017. Retrieved
    28 June
    2017
    .



  53. ^


    Ruuda, Lennart (28 June 2017). “Ehituse ABC sulges küberrünnaku tõttu kõik oma poed” [Ehituse ABC closed all its stores considering of cyberattack].
    Postimees
    (in Estonian). Retrieved
    28 June
    2017
    .



  54. ^


    Yeomans, Jon (vi July 2017). “Dettol maker Reckitt Benckiser warns revenue volition be striking as information technology cleans up Petya cyber attack”.
    The Telegraph
    . Retrieved
    9 July
    2017
    .



  55. ^


    “Hackerangriff: Beiersdorf & Co hart getroffen” [Hacking attack: Beiersdorf and other companies badly affected].
    ARD. vi July 2017. Retrieved
    9 July
    2017
    .



  56. ^


    Henley, Jon; Solon, Olivia (27 June 2017). “‘Petya’ ransomware attack strikes companies across Europe and US”.
    The Guardian. ISSN 0261-3077. Retrieved
    27 June
    2017
    .



  57. ^


    “Petya cyberattack: Hobart’s Cadbury chocolate factory struck”.
    The Australian
    . Retrieved
    28 June
    2017
    .



  58. ^


    “New malware hits JNPT operations every bit APM Terminals hacked globally”.
    The Indian Limited. 27 June 2017. Retrieved
    28 June
    2017
    .



  59. ^


    Evans, Melanie (30 June 2017). “Business News: Infirmary Is Forced To Fleck Computers”.
    The Wall Street Journal
    . Retrieved
    2 July
    2017
    .



  60. ^


    “Petya ransomware: Cyberattack costs could hit $300m for shipping giant Maersk”.
    ZDNet.



  61. ^

    https://s1.q4cdn.com/714383399/files/doc_financials/annual/2019/FedEx-Corporation-2019-Annual-Report.pdf[
    bare URL PDF
    ]


  62. ^


    Uchill, Joe (28 June 2017). “Overnight Cybersecurity: New questions about ‘ransomware’ attack—Tensions betwixt NSA chief, Trump over Russian federation—Senate console asks states to publicize election hacks”.
    The hill.



  63. ^


    “NATO Warns Use of Article v Over Cyber Assault, Members Pledge Spending Increase”.
    Haaretz. 28 June 2017.



  64. ^


    Kieran McCarthy (xi January 2019). “Cyber-insurance shock: Zurich refuses to human foot NotPetya ransomware clean-up bill—and claims it’s ‘an act of state of war’“.
    The Annals.



  65. ^


    Lieu, Ted. “Letter to NSA manager”
    (PDF). House. Retrieved
    29 June
    2017
    .



  66. ^


    “New computer virus spreads from Ukraine to disrupt world business”.
    Reuters. 2017. Retrieved
    29 June
    2017
    .



  67. ^

    thehill.com

  68. ^

    “U.s.a., UK, Commonwealth of australia Warn Russia of ‘International Consequences’—NotPetya Outbreak Attributed to the Kremlin”

  69. ^


    “Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Confusing Actions in Cyberspace”. 19 October 2020.


  70. ^


    “United kingdom exposes series of Russian cyber attacks against Olympic and Paralympic Games”.

Further reading

[edit]

  • Greenberg, Andy (22 August 2018). “The Untold Story of NotPetya, the Most Devastating Cyberattack in History”.
    Wired. ISSN 1059-1028.



Popular:   Best laptop backpacks and bags in 2022

Code in huge ransomware attack written to avoid computers that use Russian, says new report

Source: https://en.wikipedia.org/wiki/Petya_and_NotPetya