Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday January 17 2020, @02:29AM   Printer-friendly
from the Windows-TCO dept.

The Insurance Journal is asking if the NotPetya Windows worm was an act of war. If so, that would change any potential obligations carried by insurance policies towards claimants, in this case Merck & Co. NotPetya took over Windows computers in 2017 but was apparently originally intended to target Ukrainian Windows computers. The rest of the Windows computers may have just been collateral damage.

By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down.

It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were greeted by an even more unsettling message when they turned on their PCs. A pink font glowed with a warning: “Ooops, your important files are encrypted. … We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment …” The cost was $300 in Bitcoin per computer.

The ransom demand was a ruse. It was designed to make the software locking up many of Merck’s computers—eventually dubbed NotPetya—look like the handiwork of ordinary criminals. In fact, according to Western intelligence agencies, NotPetya was the creation of the GRU, Russia’s military intelligence agency—the same one that had hacked the Democratic National Committee the previous year.

In all, the attack crippled more than 30,000 laptop and desktop [Windows] computers at the global drugmaker, as well as 7,500 servers, according to a person familiar with the matter. Sales, manufacturing, and research units were all hit. One researcher told a colleague she'd lost 15 years of work. Near Dellapena's suburban office, a manufacturing facility that supplies vaccines for the U.S. market had ground to a halt. "For two weeks, there was nothing being done," Dellapena recalls. "Merck is huge. It seemed crazy that something like this could happen."

Earlier on SN:
Windows 7 and Server 2008 End of Support: What Will Change on 14 January? (2020)
Cyber Insurance claims NotPetya was an act of war (2019)
Original Petya Master Decryption Key Released (2017)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0, Offtopic) by Arik on Friday January 17 2020, @06:17AM

    by Arik (4543) on Friday January 17 2020, @06:17AM (#944433) Journal
    In addition to this, as VIPs pointed out, the timestamps allow us to time the transfer.

    The rate of transfer was far too high for a remote 'hacker.' It matches the speed of common USB hardware at the time, however.
    --
    If laughter is the best medicine, who are the best doctors?
    Starting Score:    1  point
    Moderation   -2  
       Offtopic=2, Total=2
    Extra 'Offtopic' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   0