The story about the cyber weapon that attacked several enterprises around the world
Andy Greenberg is a veteran cyber security organization reporter who has kept up with the chaotic and frightening world of cyberwar since its earliest days; in a forthcoming book, Greenberg tells the tale about the fascinating and terrible story of Notpetya, a Russian cyber weapon (designed from NSA’s filtered cyber weapons) that disguised itself as a criminal ransomware, but was designed to identify and destroy critical systems and networks in Ukraine.
Ukraine has been a Russian cyberwar testing ground for years, which has turned Ukrainian territory into a study object of cyber security organization researchers.
Although it was designed to attack Ukrainian systems (it targets systems with a common piece of Ukrainian accounting software), Notpetya design flaws caused it to go into the wild and shut down some of the world’s largest companies, Including Maersk, the world’s biggest shipping company.
In An overlook of his book, the cyber security organization expert details how the attack in Maersk occurred, a global event that spread over the supply chains and could have been much, much worse (a key piece of data was eliminated on seven duplicate servers and it only survived in a system in Ghana due to an abnormal blackout that closed a data center, so the system was disconnected before it could be infected).
The story of the infection in Maersk shows how attacking key points of the system could turn it unusable, even though other parts of the system are not affected. In Maersk case, shipboard systems were fine, but there was no way to distribute their loads or receive new ones, even the accesses to the ferry ports were paralyzed.
According to the cyber security organization expert, after a frantic search that involved calling hundreds of IT administrators around the world, Maersk teams finally found a single surviving domain controller in a remote office in Ghana. Sometime before NotPetya attacked, a blackout affected the Ghanaian system, so the machine was off line during the attack. Therefore, that machine contained the only known copy of the company’s domain controller data that the malware had not infected, all thanks to a blackout. “There were cries of joy in the office when we found this”, a Maersk administrator mentioned.
However, when Maersk engineers were able to establish a connection between Maidenhead and the Ghana office, they discovered that their bandwidth was so weak that it would take days to send the backup of the domain controller to the UK. What they thought was to put a staff member from Ghana on the next plane to London. But none of the West African office employees had a British visa.
Because of this, a member of Ghana’s office flew to Nigeria to meet with another Maersk employee at the airport to deliver a hard drive. That staff member then boarded the six-and-a-half-hour flight to Heathrow, bringing the cornerstone of the Maersk recovery process.
According to cyber security organization specialists from the International Institute of Cyber Security, Notpetya generated more than $10 billion USD in expenses for companies around the world.