
Ransomware attack 'not designed to make money', researchers claim - rbanffy
https://www.theguardian.com/technology/2017/jun/28/notpetya-ransomware-attack-ukraine-russia
======
Animats
It made maybe $10,000, from the Bitcoin tracker.

As for damage, Maersk container terminals worldwide are still shut down on the
truck side, not accepting containers for shipment. Maersk is so down that
their web sites with status info aren't being updated to show that they're
down.[1] Their Twitter feed has general statements.[2] The only good info
seems to come from the Port Authority of New York and New Jersey, which is
telling truckers not to come to Maersk's terminal today, Wednesday.[3]

Understand what this means. The biggest container ports in the US and Europe
have been down for two days. There's no announced re-opening date yet.

Nobody else seems to have been visibly hit as hard as Maersk, other than the
Kiev subway fare collection system.

[1] [http://www.apmterminals.com/en/operations/north-america/port...](http://www.apmterminals.com/en/operations/north-america/port-elizabeth/about-us/status-update-report)

[2] [https://twitter.com/Maersk](https://twitter.com/Maersk)

[3] [http://btt.paalerts.com/recentmessages.aspx](http://btt.paalerts.com/recentmessages.aspx)

~~~
pmoriarty
Hopefully this will lead to less complacency, and an increased interest in and
more funding for security. In the long run, hopefully infrastructure like this
will become more hardened and less susceptible to such attacks.

------
INTPenis
Yes, tech sites are now advising people not to pay because their mail provider
has already shut down their account.

But how many average users read tech sites?

I wouldn't discount monetary motives just because their method of handling
payments is dodgy. As long as that bitcoin ID is up it will be used.

It's not exactly in their interest to be honest here.

[https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaA...](https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX)

~~~
swiley
If I were to bother committing a crime I'd want a lot more than that.

~~~
INTPenis
I equate these guys with spammers so from that perspective I'm not surprised.
Simplest explanation is often the right one.

------
apo
The article provides no evidence for the claim made in the title. Even if it
were to do so, the article leaves the dangling question of why bother to
include the ransom component at all.

~~~
qb45
You need to do something destructive to study the scale of real world
disruption resulting from such an offensive and to motivate victims to report
infections. They could probably go with the old-school _format c:_ , but
ransomware seems to be all the rage nowadays.

------
BoiledCabbage
I posted this same suspicion yesterday.
([https://news.ycombinator.com/item?id=14646881](https://news.ycombinator.com/item?id=14646881))

Russia is "range testing" its weapons in Ukraine.

The West and particularly the US should be _very_ worried about this. The
sanctions against Russia are dictating its policy and they have shown a
willingness to escalate beyond what's been considered "appropriate" in the
past.

I'll say it again here, a country will be made to surrender its policy due to
crippling cyber-attacks. As has been shown in the past a western country will
only fight a war as long as the citizens support it. When people are harmed
and dying due to hospital shut downs, inaccessible banks, power companies
offline, airplanes grounded and food shipping stalled - politicians will feel
their arms have been twisted horribly but will concede. How well would
Washington, DC function for weeks or longer without electrical power?

What Russia is preparing for is the equivalent of bombing cities until
surrender (not the direct death, but the punish the population to cause
surrender method). As far as I know, there are no international laws around
it.

Best case is all sides escalate cyber-weapon "strength" to unthinkable levels
and we enter a new cold-war standoff. But again, the nuke mutually assured
destruction only could happen after nukes had been proven to be crippling...

The West needs to take this threat _very_ seriously, or we'll soon find
ourselves at the wrong end of the barrel of a new weapon.

~~~
fnovd
I'm surprised to see even people on this site downplaying how worrisome these
attacks are.

The ability to shut down an enemy's computer systems remotely is an awesome
power, and will only become more impactful as we rely more and more on
computer systems in our everyday lives.

Forget space: the internet is the next frontier. A group of enemy soldiers
shutting down a hospital would be met with outrage and military backlash. A
group of hackers shutting down fifty hospitals is met with jokes about
outdated operating systems and derision towards IT directors.

At what point do we stop treating these like annoyances of a strange new world
and start treating them like what they are: targeted, military-grade attacks.
The whole world can see how woefully unprepared the West is for attacks of
this nature and the attackers are only going to grow more bold.

The more intertwined tech is with the military, the more powerful the cyber-
warfare paradigm becomes.

~~~
Mizza
A thing you two aren't considering is that the US and the UK are the world
leaders on the offensive side of this same technology, "we" just do a
(slightly) better job of keeping this stuff contained. Raytheon, BAE, etc. all
have cyber weapons development divisions and obviously GCHQ and NSA do their
own internal development. The west's policy of "proportional response" will
apply to cyber attacks as well.

Not that this is an excuse for having unpatched systems or not designing for
the catastrophe scenario, but we should remember that this is a two-way
street.

~~~
fnovd
> A thing you two aren't considering is that the US and the UK are the world
> leaders on the offensive side of this same technology

Exactly, on the _offensive_ side. I'm not particularly concerned about our
ability to retaliate proportionally.

But what good is a deterrent if it fails to deter attackers? Our defensive
capabilities are clearly lacking, as these past few attacks have shown.

------
spurlock
The single point of failure was the posteo.de[1] account. Surely doing
business over this kind of channel was doomed to fail. Infosec Twitter is
alight with conspiracy theories that receiving money was the least of the
attacker's concerns. I too believe that they just wanted to cause damage and
piss people off in Ukraine, using the ransom functionality of the software as
a front. BTW: Instead of using email, what should they be using to offer
support and arrange payment? Some sort of encrypted instant messenger system?

[1]: [https://posteo.de/en/blog/info-on-the-petrwrappetya-ransomwa...](https://posteo.de/en/blog/info-on-the-petrwrappetya-ransomware-email-account-in-question-already-blocked-since-midday)

