
Cyber security firm backs UK, US govts on Russian cyber attacks claims.

Cyber security firm FireEye has said it found links between a Russian-based hacking group, Sandworm Team, and the Petya ransomware attack that crippled IT systems globally last year.

Evidence analysed by the FireEye iSIGHT Intelligence team, including details of a Sandworm Team ransomware campaign in March 2017 and technical data from an M.E.Doc update server, suggests a link between the Petya ransomware campaign and Sandworm Team, FireEye said in a statement.

Last week, the US and Britain directly accused the Russian military of being behind a cyber-attack on Ukraine that spread globally last year. In the NotPetya attack, businesses with strong trade links with Ukraine, such as the UK's Reckitt Benckiser, Dutch delivery firm TNT and Danish shipping giant Maersk, were affected. The attack is estimated to have cost companies more than $1.2bn.

Petya and NotPetya are two related pieces of malware that affected thousands of computers worldwide in 2017. Both Petya and NotPetya aim to encrypt the hard drive of infected computers; while Petya is a standard piece of ransomware used to extract bitcoin payments from victims, NotPetya is widely believed to be a state-sponsored Russian cyberattack masquerading as ransomware. M.E.Doc is an accounting software maker implicated in spreading NotPetya.

John Hultquist, director of intelligence analysis at FireEye, said the Russia-nexus cyber espionage group Sandworm Team has used malware several times against Ukrainian entities since the fall of 2015. The earliest variations simply wiped the victims' machines; however, in 2017 a ransomware component was introduced. "These prior attacks share features, including distribution through a compromised software provider and a wiper masquerading as ransomware, with the June 2017 Petya attack, supporting a link between Sandworm and Petya," Hultquist added.

Sandworm Team is best known for causing two blackouts in Ukraine, and while their attention is often focused there, they have targeted systems in the West as well, Hultquist said. Previously, Sandworm Team was found to have penetrated several US utilities, suggesting a preparation for attack, he added.

Russia has dismissed the claims, terming them "baseless". The government has pointed out that Russian businesses were among those whose systems were affected. Ukraine has been locked in armed conflict with Russian-backed separatists since Moscow annexed Crimea in 2014.

UK Defence Secretary Gavin Williamson warned that the West had "entered a new era of warfare, witnessing a destructive and deadly mix of conventional military might and malicious cyber attacks".

© 2018 ITP Business Publishing Ltd. All Rights Reserved. Provided by SyndiGate Media Inc.

Date: Feb 19, 2018