Swiper! No Wiping!

Last night I put together some words called p0wn3d. This was basically an outlet after watching things unfold ... again ... with malware encrypting machines. My point was, as much as anything, the unseen impact, the real payloads, and the fact that this Pandora's Box of tricks has now been opened. There is no closing it.

The news yesterday showed the email/account the alleged perpetrator (avoiding using the phrase 'threat actor' here as it leaves me as uncomfortable as when people use the word 'cyber') had set up being closed down by the provider.

Closed down you say. Riiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiight.

Abuse tickets. 'Funny old game. You are either the company that "gives them 24/48 hours to respond" (values money over reputation / damage) - or you are the company "who checks it out and uses common sense to close it down" (smaller, more vulnerable to the damage of a prolonged attack, ethics). However, whoever you are, you get a bell from New Scotland Yard / NCSC (or to be fair - trading standards et al.) and you listen in.

... allegedly ... what would I know about such things after all ...

So why was this not kept up, and monitored?

...or is that just me.

Equally - high value targets? ... but asking for a tiny ransom?

Not. Adding. up.

This morning the news regarding what not/petya does seemed to be coming through that this was in fact even more suspect, and looked to be a state level attack - with no means to decrypt. This was simply wiping away the hopes and dreams of the filesystem, leaving you up shit creek sans paddle.

Here is a nice article - if a little long - breaking down what petya / notpetya does for a day job. Without putting too fine a point on it - it wipes, not encrypts. It trashes file systems; there is no coming back from that. Money is not the object, it is a distraction, gravy for the media.

Ladies and gentlemen. It has begun.

2 Responses to “Swiper! No Wiping!”

  • anthony
    7 years ago

    Reuters report in this morning.

    Some machines did not go down.

    What if:

    – Breach of somewhere / thing wiping evidence;
    – BIOS payload installed;
    – Infected known targets' software sources, knowing reinstall will be required;
    – Machine credentials gone before wiped, reinstall will use same.

    …generally suspicion of this being a smoke screen, a distraction, as it seems a little full on for a “test”.

    It is cold comfort – but nice to hear that sometimes thinking “like me” actually pans out, and isn’t just worrying about could be, might be, could happen events.

  • anthony
    7 years ago

    I doubt the real people / state / organisation behind the recent Petya will be publicly identified. Furthermore, while we are in a ‘World War One style scenario’ of technology to attack outstripping our means to use it effectively and defend against it within this space… it is unlikely we EVER will.

    However it comes as no real surprise – that after previous accounts of Russia using the Ukraine as a sandbox for testing – and general punchbag – accounts like this from the Independent really do not have me reaching for where I keep my surprised face:
