Global cyberattack may have aimed for havoc, not extortion

Published: Friday | June 30, 2017 | 12:00 AM
Trucks loaded with containers are lined up outside a terminal at the Jawaharlal Nehru Port Trust in Mumbai, India, yesterday. Operations at a terminal at India's busiest container port have been stalled by the malicious software that suddenly burst across the world's computer screens Tuesday, another example of the disruption that continues to be felt globally.


The cyberattack that has locked up computers around the world while demanding a ransom may not be an extortion attempt after all, but an effort to create havoc in Ukraine, security experts say.

"There may be a more nefarious motive behind the attack," Gavin O'Gorman, an investigator with US antivirus firm Symantec, said in a blog post. "Perhaps, this attack was never intended to make money, rather to simply disrupt a large number of Ukrainian organisations."

The rogue programme landed its heaviest blows on the eastern European nation, where the government, dozens of banks and other institutions were sent reeling. It disabled computers at government agencies, energy companies, cash machines, supermarkets, railways and communications providers. Many of these organisations had recovered by yesterday.


Malicious software


The programme, known by a variety of names, including NotPetya, initially appeared to be ransomware, a type of malicious software that encrypts its victims' data and holds it hostage until a payment is made, usually in bitcoins, the hard-to-trace digital currency often used by criminals.

But O'Gorman and several other researchers said the culprits would have been hard-pressed to make money off the scheme. They appear to have relied on a single email address that was blocked almost immediately and a single bitcoin account that has collected the relatively puny sum of $10,000.

Others, such as Russian anti-virus firm Kaspersky Lab, said clues in the code suggest the programme's authors would have been incapable of decrypting the data, further indicating the ransom demands may have been a smoke screen.

The timing was intriguing too: The attack came the same day as the assassination of a senior Ukrainian military intelligence officer and a day before a national holiday celebrating the new Ukrainian constitution signed after the breakup of the Soviet Union.