Petya Ransomware Attack Shows What a Cyber War Might Look Like

Just a month after the WannaCry ransomware attack knocked out computer systems across the globe, another massive cyberattack is spreading from Eastern Europe to the rest of the world. In Ukraine, where the attack first hit, the effects offer a preview of what a cyber war could look like: “lock-out” screens and chaos at the grocery store.

On Tuesday, a group of unknown hackers launched a massive, devastating, cyberattack on major Ukrainian corporations, utility companies, and government agencies. The attack has locked up government computers, shut down power stations, and corrupted media stations across the country. While the damage has been concentrated in Ukraine, companies and institutions in Spain, France, Denmark, Poland and Russia have all reported hacks. Right now, it’s unclear whether the hack was the work of a nation-state or a third party.

International companies like Rosneft, the largest Russian oil company, and Maersk, the Danish shipping giant, have been affected.

“A massive hacker attack has hit the servers of the Company. We hope it has no relation to the ongoing court procedures,” announced Rosneft on its Twitter account, later adding that “neither oil production nor preparation processes were stopped.”

Advertising firms and other companies in the U.K. have reported attacks, and some reports suggest that it has already spread to systems in the United States:

“The longer it drags on the more the entire logistics chain will be disrupted,” Lars Jensen, chief executive of maritime cyber security firm CyberKeel told the Wall Street Journal. “The ships can be operated manually but if you don’t have access to your operational and commercial databases you won’t know where your containers are.”

This was the message of every computer screen in Ukraine’s Cabinet of Ministers on Tuesday, reported Christopher Miller, a Ukraine-based journalist:

The majority of the hacks appear to be a traditional ransomware attack: A computer is encrypted by a third party until the owner pays a digital ransom in Bitcoin to unlock their data.

Security researchers at Kaspersky Labs say the malicious program used is called Petrwrap/ Petya, a dangerous variation of the WannaCry ransomware used in May.

The hack displays the below “lock-out screen” to its victims, telling them to wire $388 in Bitcoin to a hacker with the email address wowsmith123456@posteo.net.

Costin Raiu, a director of global research and analysis at Kaspersky Lab reports that like the WannaCry attack, the hackers don’t appear to be making a whole lot of money so far. The hacker has received less than 1 BTC, which is a little over $2,000.

The real damage seems to be how much access the hackers appear to have. In 2015 and 2016, massive cyber attacks disrupted the power grid in Ukraine, hacks that could be considered probing attacks or tests for a larger attack.

On the ground in Ukraine right now, this is what cyberwar looks like: Grocery stores are either shut down or having trouble selling food, as numerous terminals come under attack.

Power companies, like in the 2015 and 2016 attacks, shut down, hopefully briefly, leaving thousands if not millions without power. Public transportation is a mess, as payment systems for the Metro have gone down in Kyiv.

The Chernobyl nuclear power plant has switched to “manual radiation monitoring.” Flights out of the Boryspil International Airport are delayed, and government officials are locked out of computer systems.

In other words, with a single piece of ransomware, an unknown force could essentially bring part of a country to a standstill. Fortunately, the official Ukrainian Twitter account is keeping things lighthearted.

The important distinction here is who’s behind the attack. The governments of both Russia and Ukraine sometimes employ freelance hacking groups to test vulnerabilities in rival’s cybersecurity. But this attack, at least on the outside, appears to be a third party, instead of a state-sponsored hit.

“Seems like this cyber-attack was first discovered in, but didn’t necessarily target #Ukraine. It’s clearly gone global. Chaos all around,” Christian Borys, a freelance journalist based in Ukraine said in a tweet.

It’s still a good example of what a widespread cyberwar would look like, as it was concentrated in Ukraine, but that doesn’t necessarily mean it’s another world power deliberately attacking another country.

Not much is known about the perpetrators of the WannaCry attack, other than they were likely fluent Chinese speakers, and it will take security researchers some time to do the digital forensics necessary to get a handle on where the attack is coming from this time. While the damage may not be as comprehensive as it was in Ukraine, it’s highly possible that the Petya attack makes it to the United States, another reminder of how vulnerable almost every level of society is to digital attack.