Jun 29, 2017

Global hack appears aimed at damage, not money

Ng Han Guan / AP

The "ransomware" attack that struck Ukraine and has since spread to about 65 countries might not be a regular ransomware attack after all. Instead, its code indicates it is more like a "wiper," according to Matt Suiche, founder of cybersecurity startup Comae Technologies.

What it means: "The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money," Suiche writes. Instead of just encrypting files when it infects a device, this hack encrypts your entire hard drive and the Master Boot Record so that it is totally inoperative, according to Radware. This also causes the whole computer to restart.

  • Microsoft points out that this hack, sometimes called GoldenEye, is a new variant of Petya, which CNET reports has been sold on forums in the dark web since last April.

Why it matters: For one, as CNET's Alfred Ng writes: "Compared with GoldenEye, WannaCry (a ransomware attack in May) looks like it was written by amateurs." Second, Suiche believes the hackers went to the trouble of making it look like ransomware attack to "control the media narrative" to scapegoat an unknown hacking group instead of what it actually might be — a state hacker. (State hackers usually don't use ransomware.)

One big caveat: As Bret Padres, a former intel official and CEO of The Crypsis Group tells Axios, "a just as plausible explanation is that this is a coding error" that makes it look like a wiper and not a simple ransomware hack.

What else we've learned in the last day:

  • The hack hit 65 countries, including Ukraine, Russia, Denmark, Spain, India, Germany, U.K., U.S. and France, according to a Microsoft analysis. It is still impacting ATMs in Ukraine and Pennsylvania's Heritage Valley Health System, per NPR.
  • There is no "kill switch" for this hack (there was one for WannaCry).
  • GoldenEye was spread, in part, through Ukrainian tax accounting software, Symantec reports, adding that it's "interesting" that the attack began on a Ukrainian national holiday, Constitution Day.
  • The hackers aren't attempting to attack random IP addresses (as WannaCry did) and instead targeting mostly financial institutions in Ukraine, per Symantec.
  • Motives: Since the hackers set up a poor payment system, the goal appears to be to cause damage rather than to collect ransom (the point of contact was through an email suspended by the host, and there is only one Bitcoin wallet listed to receive money, making the operation appear uncoordinated and weak).

What to watch now: The Bitcoin wallet that the hackers were going to use to receive payments, which law enforcement will be watching, too, to see if the attackers will somehow reveal themselves. Plus, expect hacking to come up during NATO meetings tomorrow in Brussels. Last year NATO decided a cyber hack could trigger its mutual defense protocol, Article Five.

Go deeper

Updated 2 hours ago - Politics & Policy

In photos: Protesters clash with police nationwide over George Floyd

Police officers grapple with protesters in Atlanta. Photo: Elijah Nouvelage/Getty Images

Police used tear gas, rubber bullets and pepper spray as the protests sparked by the killing of George Floyd spread nationwide on Friday evening.

The big picture: Police responded in force in cities ranging from Atlanta to Des Moines, Houston to Detroit, Milwaukee to D.C. and Denver to Louisville. In Los Angeles, police declared a stretch of downtown off limits, with Oakland issuing a similar warning.

Updated 2 hours ago - Politics & Policy

Supreme Court sides with California on coronavirus worship service rules

The Supreme Court has ruled 5-4, with Chief Justice John Roberts joining the court's liberal justices, to reject a challenge to California's pandemic restrictions on worship services.

Why it matters: This is a setback for those seeking to speed the reopening of houses of worship, including President Trump.

Updated 4 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 10 p.m. ET: 5,923,432— Total deaths: 364,836 — Total recoveries — 2,493,434Map.
  2. U.S.: Total confirmed cases as of 10 p.m. ET: 1,745,930 — Total deaths: 102,808 — Total recoveries: 406,446 — Total tested: 16,099,515Map.
  3. Public health: Hydroxychloroquine prescription fills exploded in March —How the U.S. might distribute a vaccine.
  4. 2020: North Carolina asks RNC if convention will honor Trump's wish for no masks or social distancing.
  5. Business: Fed chair Powell says coronavirus is "great increaser" of income inequality.
  6. 1 sports thing: NCAA outlines plan to get athletes back to campus.