Crime Group Behind 'Petya' Ransomware Resurfaces to Distance Itself From This Week's Global Cyberattacks.

Janus Cybercrime Solutions, the author of Petya, the ransomware to which Tuesday's global cyberattacks were initially attributed, resurfaced on Twitter late Wednesday, seemingly offering to help those whose files can no longer be recovered. The altruistic gesture, even if it proves fruitless, is uncharacteristic of a criminal syndicate that built an underworld enterprise by placing powerful exploits in the hands of others to deploy as they see fit. It may also simply indicate that Janus would prefer not to be tagged with the spread of "NotPetya", so named by Kaspersky Lab, which has itself sought to differentiate Janus' ransomware from the malware that wreaked havoc across Europe this week.

There is consensus now among malware experts that NotPetya is actually a wiper, malware designed to inflict permanent damage, not ransomware like Petya, which gave its victims the option of recovering their data for a price. The earliest analysis of this was offered on Tuesday by security researcher the grugq, who wrote: "The superficial resemblance to Petya is only skin deep. Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ." At time of writing, Janus has yet to elaborate any further.

Ransomware-as-a-Service

In early 2016, Janus launched a darknet website based on a black-market business model called Ransomware-as-a-Service (RaaS). Simply put, it offered other criminals access to a sophisticated ransomware-distribution platform. Its customers, after paying a nominal registration fee, could use the platform, and in exchange Janus received a cut of all ransom paid. Customers tracked infection rates via a simple web interface, which also allowed them to adjust the ransom amounts. Janus, which has presented itself as a "professional cybercriminal" organization, even offered technical support, handling bug reports and fielding requests for new features to its beta platform. The revenue model was designed specifically to benefit customers who pulled in the most ransom payments. Those who collected fewer than 5 bitcoin in ransom per week, for example, received only a 2.

In the past, RaaS dealers mostly limited commercial access to ransomware that exploited well-known and widely patched vulnerabilities. Janus, however, wasn't fucking around. The group is unusual in that its product was sophisticated and, at the time, still very much effective. Petya, the malware which was not behind Tuesday's outbreak (despite widespread reports of this in the media), only made up half of Janus' payload. Unlike most ransomware, which leaves the operating system intact and encrypts individual files, Petya attacks whole regions of the victim's hard drive: it replaces the computer's Master Boot Record, locking the user out of the operating system, and then encrypts the Master File Table, leaving the computer unable to locate any of the victim's files. The user is offered a unique code which can be entered into a decryption website in order to submit a payment. The instructions are always offered in clear and concise terms; the more complex the process, the fewer payments will be received.
Once Petya is downloaded (in the past, it was distributed by emails with the help of a spambot), the user is presented with a User Account Control prompt asking to grant the malware elevated privileges. If the user clicks "Yes," Petya initiates and the process described above begins. If they click "No" instead, backup malware, known as Mischa, executes. This malware is of the more typical variety and encrypts individual files before prompting the victim with payment instructions from inside the operating system. If the victim was infected by Mischa and made the payment, they were given a password to decrypt the files. If infected by Petya, the password decrypts the Master File Table and repairs the Master Boot Record. Either way, paying the ransom resulted in the user regaining complete access to their files without suffering permanent damage.

Ransomware-as-a-Disguise

Conversely, what motivated the malicious actor behind the NotPetya infections was not money. The grugq's assessment was confirmed on Wednesday by Kaspersky Lab malware analysts Anton Ivanov and Orkhan Mamedov, who wrote that the victims of the NotPetya malware were unable to recover their files, even if the ransom was paid. The grugq's report was also confirmed hours earlier by hacker Matthieu Suiche, founder of Comae Technologies. These assessments indicate that NotPetya is a "wiper" designed specifically to destroy data, not to generate revenue. Suiche writes that, in his opinion, the purpose of this ruse was to "control the narrative of the attack," meaning the hackers behind it sought to mislead the press.

As to who may be responsible, attribution, as always, remains problematic. It appears, however, that patient zero may be a Ukrainian software firm called MeDoc, though the company denied this allegation in a Facebook post on Tuesday. According to several experts, the outbreak began after MeDoc was breached and NotPetya was pushed out to its customers via a software update.
Attacks of this kind, which damage a company's reputation by inflicting harm on its clients through the company's own products, are what's known as a "supply chain attack." Some have fingered Russia, which has intervened militarily in Ukraine since 2. NotPetya infections in the Russian oil sector were mitigated with suspicious ease. This is cyberwar and it's not good for business.
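As an added, defender-side example that is not part of the original article and is neither Janus' code nor anything from the researchers quoted above: the boot-record takeover described earlier (Petya replacing the Master Boot Record before encrypting the Master File Table) can be caught by baselining the MBR. The script below parses the first 512-byte sector of a disk (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), records a SHA-256 digest of the boot code plus a copy of the partition table from a known-good machine, and reports when a later read no longer matches. The sample MBRs are constructed inside the script and labelled as such; the only environmental assumption is that `read_first_sector` is pointed at a raw image or block device the caller is allowed to read.

```python
import hashlib
import struct
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446              # bytes 0-445 hold the boot loader code
PARTITION_TABLE_OFF = 446        # four 16-byte partition entries follow the boot code
PARTITION_TABLE_LEN = 64
BOOT_SIGNATURE = b"\x55\xaa"     # bytes 510-511 of every valid MBR

ENTRY_FMT = "<B3sB3sII"          # status, CHS start, type, CHS end, LBA start, sector count


def read_first_sector(path: str) -> bytes:
    """Read the MBR (first 512 bytes) from a raw disk image or block device."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_mbr(sector: bytes) -> Dict[str, object]:
    """Split an MBR sector into boot code, partition table/entries and the boot signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    partitions: List[Dict[str, int]] = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, count = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:           # partition type 0 marks an unused slot
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        "partition_table": sector[PARTITION_TABLE_OFF:PARTITION_TABLE_OFF + PARTITION_TABLE_LEN],
        "partitions": partitions,
        "signature": sector[510:512],
    }


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the boot code region; record this from a known-good system as the baseline."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str, baseline_table: bytes) -> List[str]:
    """Compare a freshly read MBR against the recorded baseline; return a list of findings."""
    findings: List[str] = []
    mbr = parse_mbr(sector)
    if mbr["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    if mbr["partition_table"] != baseline_table:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR (not real disk data): one bootable NTFS partition at LBA 2048."""
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x00\x00\x00", 0x07, b"\x00\x00\x00", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_TABLE_LEN - 16)
    code = boot_code[:BOOT_CODE_LEN].ljust(BOOT_CODE_LEN, b"\x00")
    return code + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # Day 0: record the baseline from a known-good system (constructed stand-in here).
    good = build_sample_mbr(b"constructed stand-in for the legitimate boot loader")
    baseline_digest = boot_code_digest(good)
    baseline_table = parse_mbr(good)["partition_table"]
    print("clean:", check_mbr(good, baseline_digest, baseline_table))          # []
    # Later: boot code replaced, partition table left intact (constructed stand-in).
    replaced = build_sample_mbr(b"constructed stand-in for foreign boot code")
    print("tampered:", check_mbr(replaced, baseline_digest, baseline_table))   # ['boot code differs from baseline']
```

In practice the baseline is taken once, right after provisioning, and `check_mbr` is run on a schedule or at shutdown; a boot-code mismatch with an unchanged partition table is exactly the shape of a boot-record replacement, and is worth alerting on before the next reboot hands control to whatever now sits in sector 0.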
Archives: August 2017