Class 643 Week 7
Petya and NotPetya differ in several ways, the first of which is the XOR key used: the latter uses 0x07 as a key while the former uses 0x37 (Alvarez, 2017). Another difference is that Petya is a standard piece of ransomware that quickly targeted a few cryptocurrency (Bitcoin) victims, while NotPetya is malware with many tools that enable it to spread to and infect computers (Fruhlinger, 2017). Thirdly, the two differ in how they reboot: Petya initiates the reboot using the NtRaiseHardError API, while NotPetya uses the “shutdown.exe /r /f” command to schedule a reboot (Alvarez, 2017). These and other differences matter to the growing cybersecurity field as it relates to infrastructure because they reflect the magnitude of damage and the vulnerabilities that can arise from critical infrastructure interdependency in the event of ransomware or malware attacks (Macaulay, 2019).
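A defender-side sketch of the reboot difference described above: it flags process-creation command lines that invoke shutdown with both /r and /f, in any order or switch style, and notes whether the call is wrapped in a scheduler. This is an added example, not code from this essay or its sources; the event fields, host names and sample command lines are constructed, and treating schtasks or at as the scheduling wrapper is an assumption.

```python
import re

# "shutdown" or "shutdown.exe", bare or path-qualified, but not e.g. "notshutdown.exe".
_SHUTDOWN = re.compile(r'(?:^|[\\/\s"\'])shutdown(?:\.exe)?(?=["\'\s/-]|$)', re.I)
# Single-letter switches written /r or -r; longer ones such as /ST are skipped.
_SWITCH = re.compile(r'[/-]([a-z])(?!\w)', re.I)
# Assumed scheduling wrappers (schtasks or at) appearing before the shutdown call.
_SCHEDULER = re.compile(r'(?:^|[\\/\s"\'])(?:schtasks|at)(?:\.exe)?(?=\s)', re.I)


def classify(cmdline):
    """Return None unless cmdline is a forced reboot, else {'scheduled': bool}."""
    m = _SHUTDOWN.search(cmdline)
    if not m:
        return None
    # Only switches that follow the shutdown binary count.
    switches = {s.lower() for s in _SWITCH.findall(cmdline[m.end():])}
    if not {"r", "f"} <= switches:  # needs reboot (/r) AND force (/f)
        return None
    return {"scheduled": bool(_SCHEDULER.search(cmdline[:m.start()]))}


def find_forced_reboots(events):
    """Return (host, scheduled) for every event whose command line matches."""
    hits = []
    for ev in events:
        verdict = classify(ev["cmd"])
        if verdict is not None:
            hits.append((ev["host"], verdict["scheduled"]))
    return hits


# Constructed process-creation records (hypothetical hosts), not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws-01", "cmd": r'C:\Windows\system32\shutdown.exe /r /f'},
    {"host": "ws-02", "cmd": r'schtasks /Create /SC once /TN "" /TR '
                             r'"C:\Windows\system32\shutdown.exe /r /f" /ST 14:30'},
    {"host": "ws-03", "cmd": 'shutdown.exe/r/f'},            # no spaces, as quoted
    {"host": "ws-04", "cmd": 'SHUTDOWN -F -R -t 0'},         # dash style, reordered
    {"host": "ws-05", "cmd": 'shutdown /s /t 60'},           # plain shutdown
    {"host": "ws-06", "cmd": 'shutdown /a'},                 # abort
    {"host": "ws-07", "cmd": r'C:\tools\notshutdown.exe /r /f'},
]

if __name__ == "__main__":
    for host, scheduled in find_forced_reboots(SAMPLE_EVENTS):
        print(host, "forced reboot", "(scheduled)" if scheduled else "(immediate)")
```

A forced reboot is also a routine administrative action, so a hit is a signal to correlate with other activity on the host rather than a verdict on its own.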
In general, NotPetya differs from ransomware in that it is not an attempt to achieve financial gain via cyber ransom but rather an attempt to infect computers and deny users the opportunity to decrypt and restore their systems. So the likely motivation behind this difference was data destruction, where NotPetya encrypts users’ data and damages it beyond repair (Fruhlinger, 2017). The implications of the NotPetya attack for global transportation systems are that it caused major transportation disruptions at port facilities globally and broke the global transport and logistics supply chains (Macaulay, 2019; Saul, 2017). Had Maersk not acted promptly and recovered from this attack by reinstalling and replacing its IT systems in 10 days, the implications would have been catastrophic transportation disruptions worldwide. Some factors that could have made the NotPetya attack worse are unpatched computer systems and massive infrastructure interdependence. What could have been done to help prevent this attack is infrastructure separation, so that an attack on one infrastructure sector does not affect all sectors.
Alvarez, R. (July 09, 2017). Key differences between Petya and NotPetya. Fortinet, Inc. Retrieved February 25, 2020, from https://www.fortinet.com/blog/threat-research/key-differences-between-petya-and-notpetya.html.
Fruhlinger, J. (October 17, 2017). Petya ransomware and NotPetya malware: What you need to know now. CSO & IDG Communications, Inc. Retrieved February 25, 2020, from https://www.csoonline.com/article/3233210/petya-ransomware-and-notpetya-malware-what-you-need-to-know-now.html.
Macaulay, T. (2019). The danger of critical infrastructure interdependency. Governing Cyberspace during a Crisis in Trust, 69-73.
Saul, J. (2017). Global shipping feels fallout from Maersk cyber attack. Thomson Reuters.