NotPetya ransomware attack officially pinned on Russia – what does this mean for the IT sector?

by Heat Recruitment

By Marcus Granville

Almost one year on from the EternalBlue-based NotPetya attack that devastated Ukraine and companies around the world, industry pundits have continually attempted to pin it on the usual suspects… low-level hackers holding nation-state level exploits, North Korea, Russia and China.

Now, however, the UK government has taken the unusual political step of naming who they believe to be responsible… Russia.

The difference between Petya and NotPetya lies in how they work: whilst the former, a pure ransomware strain, could be unlocked once payment had been made, that feature did not carry over to the latter.

Despite not being as prolific as the WannaCry attacks of May 2017, the attack has been ranked as “the most destructive” malware of the year. This is due to the fact that it was specifically designed to do damage to a country’s infrastructure… damage felt keenly by Ukraine, and the various individual companies caught up in its wake.

Of the businesses most significantly affected, Dutch delivery firm TNT, Reckitt Benckiser and Maersk each had significant trade links with Ukraine. Maersk, the shipping giant, reportedly lost between $200m and $300m, exclusively due to delays and disruption, with terminals in four separate countries impacted.

According to Defence Secretary Gavin Williamson, Russia was “ripping up the rule book”, with the UK being “duty bound to respond”. He continued, stating that the West had “entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber-attacks.”

Foreign Office minister Lord Ahmad of Wimbledon stated that: “The UK government judges that the Russian government, specifically the Russian military, was responsible for the destructive NotPetya cyber-attack … The Kremlin has positioned Russia in direct opposition to the West, yet it doesn’t have to be that way.”

Although the CIA has also identified Russia as responsible, proof of Russian involvement from the cited NCSC (National Cyber Security Centre) report is not forthcoming. Statements made in Parliament are not held to the rigorous burden of proof placed upon cybersecurity researchers, because of Parliamentary Privilege, a defamation defence based on legal immunity.

All evidence points to one changing industry trend: the shift towards more effective forms of cyber warfare. General Sir Nick Carter, head of the British Army, has warned that hybrid weapons (fake news, corruption and cyber-attacks) are a greater threat to the UK and the West than terrorism.

He continued, “Since 2016 we have seen a marked shift to cyber, subversion and coercion, as well as sophisticated use of smear campaigns and fake news – for example, interference in the US democratic process and the attempted coup in Montenegro.”

According to the NCSC statement, “The malware was not designed to be decrypted. This meant that there was no means for victims to recover data once it had been encrypted. Therefore, it is more accurate to describe this attack as destructive [rather] than as ransomware.”

For IT and tech specialists, we are about to enter a period of immense growth in the industry. To back up these claims in any meaningful way, we predict new programmes and initiatives will be created to develop cyber-skills in the UK. Until then, salaries for cyber-security professionals will continue to rise as demand for these vital services goes unmet. In the meantime, remove any unnecessary input ports, segment networks, train staff on proper protocols and firewall everything that isn’t tied down.

Today, it’s clear that prevention has failed – now we need to work towards containment. It doesn’t look like we’ll get out of this one with a slap-on-the-wrist cryptocurrency fine.

If you’re looking for your next IT, tech or cybersecurity role – get in touch with our dedicated team at Heat Recruitment.
