The Insurance Journal is asking if the NotPetya Windows worm was an act of war. If so, that would change any potential obligations carried by insurance policies towards claimants, in this case Merck & Co. NotPetya took over Windows computers in 2017 but was apparently originally intended to target Ukrainian Windows computers. The rest of the Windows computers may have just been collateral damage.
By the time Deb Dellapena arrived for work at Merck & Co.’s 90-acre campus north of Philadelphia, there was a handwritten sign on the door: The computers are down.
It was worse than it seemed. Some employees who were already at their desks at Merck offices across the U.S. were greeted by an even more unsettling message when they turned on their PCs. A pink font glowed with a warning: “Ooops, your important files are encrypted. … We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment …” The cost was $300 in Bitcoin per computer.
The ransom demand was a ruse. It was designed to make the software locking up many of Merck’s computers—eventually dubbed NotPetya—look like the handiwork of ordinary criminals. In fact, according to Western intelligence agencies, NotPetya was the creation of the GRU, Russia’s military intelligence agency—the same one that had hacked the Democratic National Committee the previous year.
In all, the attack crippled more than 30,000 laptop and desktop [Windows] computers at the global drugmaker, as well as 7,500 servers, according to a person familiar with the matter. Sales, manufacturing, and research units were all hit. One researcher told a colleague she'd lost 15 years of work. Near Dellapena's suburban office, a manufacturing facility that supplies vaccines for the U.S. market had ground to a halt. "For two weeks, there was nothing being done," Dellapena recalls. "Merck is huge. It seemed crazy that something like this could happen."
Earlier on SN:
Windows 7 and Server 2008 End of Support: What Will Change on 14 January? (2020)
Cyber Insurance claims NotPetya was an act of war (2019)
Original Petya Master Decryption Key Released (2017)
Related Stories
Submitted via IRC for Bytram
The master decryption key for last year's Petya ransomware was made public last week and has since been confirmed to be genuine.
Petya ransomware first emerged in March 2016, distinguishing itself from similar malware by encrypting the Master Boot Record (MBR) instead of individual files. Soon after its initial appearance, Petya was paired with another ransomware, and the pair became available as a service a couple of months later.
The last known variant of the malware was spotted in December 2016 and was referred to as GoldenEye. Dubbed PetrWrap, a ransomware family observed in March this year was using Petya for its nefarious purposes, but wasn't created by Janus Cybercrime Solutions, the name Petya's author goes by.
[...] Kaspersky security researcher Anton Ivanov has already confirmed that the key works for all Petya versions, including GoldenEye.
The release of the master decryption key is great news for those Petya victims who were unable to restore their files to date. Last year, security researchers managed to crack the first two versions of the ransomware, and the only variant not decrypted before was GoldenEye.
"Thanks to the currently published master key, all the people who have preserved the images of the disks encrypted by the relevant versions of Petya, may get a chance of getting their data back," Hasherezade explains.
The newly released master key, however, won't help users hit by NotPetya.
Key is for the original Petya not NotPetya.
Source: http://www.securityweek.com/original-petya-master-decryption-key-released
Picked via cryptogram.
...with reliance on all things digital skyrocketing, cyber threats now pose grave, even existential, dangers to corporations as well as the entire digital economy. In response, companies have begun to develop a cyber insurance market, offering corporations a mechanism to manage their exposure to these risks. Yet the prospects for this market now seem uncertain in light of a major court battle. Mondelez International is reportedly suing Zurich Insurance in Illinois state court for refusing to pay its $100 million claim for damages caused by the 2017 NotPetya attack.
Mondelez's claim represents just a fraction of the billions of dollars in collateral damage caused by NotPetya, a destructive, indiscriminate cyberattack of unprecedented scale, widely suspected to have been launched by Russia with the aim of hurting Ukraine and its business partners... According to reports, Zurich apparently rejected Mondelez's claim on the grounds that NotPetya was an act of war and, therefore, excluded from coverage under its policy agreement. If the question of whether and how war risk exemptions apply is left to the courts to decide on a case-by-case basis, this creates a profound source of uncertainty for policyholders about the coverage they obtain.
...
Many hurdles stand in the way of insurance providing a more robust solution. Data on cyber risks are scarce, and the threat is evolving constantly, often rendering data obsolete before they can be used. That means actuaries lack a credible repository of information to accurately price cyber risk. Moreover, NotPetya and other attacks with cascading effects have reinforced fears of aggregation risk, meaning the potential for a single incident to cause simultaneous losses across multiple policyholders. If Zurich had underwritten even a handful of the major corporations disrupted by the attack, it could have faced catastrophic losses from just one incident. This is a particularly acute concern for reinsurers—companies that provide stop-loss coverage, or protection against unsustainably costly claims, to other insurers—making both reinsurers and primary cyber insurance providers naturally hesitant to support more extensive cyber underwriting. The lack of adequate reinsurance backing means that carriers may become overwhelmed with claims if a systemic cyber incident causes simultaneous losses across many policyholders.
Windows 7 and Server 2008 end of support: What will change on 14 January?:
It is remarkable that Windows 7 is reaching end of support on January 14 2020 while maintaining something approaching 27 per cent market share among Windows users, according to Statcounter.
This is down from 35 per cent in December 2018 but still substantial. Windows has a share among desktop users of around 77 per cent, so that is around 20 per cent of active desktop PCs.
"End of support" means no technical support, software updates or security fixes from Microsoft. Of these, the significant piece is the security fixes. Without regular patches, flaws that are discovered in the operating system will put users at greater risk from things like ransomware attacks, perhaps triggered by an email attachment or malicious web link.
Windows Server 2008 and 2008 R2 also go out of support on the same day. Although it is less likely that users will be browsing the web or clicking attachments on Server 2008, it is still risky if these servers are exposed to the internet – as appears to be the case with Travelex, currently suffering a ransomware attack – or if they are used for remote desktop services.
Another curious feature of this "end of support" is that Microsoft will still be providing security updates for both operating systems, for three further years. So the real end of support date is in 2023. That said, you can only get these "extended security updates", or ESU, in certain ways:
- Windows Virtual Desktop (WVD) users get free ESU until January, 2023
- You can purchase Windows 7 ESU by subscription from Microsoft Cloud Solution Providers, which means most IT support companies signed up as authorised Microsoft suppliers.
- Windows 7 ESU is free for a year to customers who subscribe to Windows E5 or Microsoft 365 E5.
- Only Windows 7 Professional and Enterprise are covered by ESU.
- Windows 7 embedded can be supported through an "Ecosystem Partner Offering" support contract.
- The scenario for Windows Server 2008 ESU is similar to that for Windows 7.
[...] There is a degree of artificiality about this key "end of support" date and ways to keep old stuff patched, but the security risks are real.
(Score: -1, Troll) by Anonymous Coward on Friday January 17 2020, @02:45AM (2 children)
If by "hacked the Democratic National Committee" you mean emails, sorry but no.
Evidence points to Seth Rich, who definitely had the means and the motive and was then killed. He was a Bernie Sanders supporting IT worker for the DNC.
Proper investigation was purposely not done. The DNC servers were not examined by the FBI. Instead, a DNC-friendly company did it, helping to create a politically useful story. (not that the Obama FBI wouldn't have done likewise) Seth Rich supposedly died in an ordinary mugging... but the FBI quickly seized and then lost Seth's laptop. Seth got to the hospital alive, and it is about 90% likely that people with his injuries survive if that happens, but he died. The normal medical staff were kept away from him, leaving him with a doctor who was associated with the Podesta brothers, one of whom ran Hillary's campaign. An interesting thing in the Podesta emails is an ominous expression of willingness to make an example out of leakers.
No, it hasn't been debunked. People who would be associated with the crimes don't get to debunk anything.
(Score: 1, Touché) by Anonymous Coward on Friday January 17 2020, @03:33AM
The proper place for your post [reddit.com].
You're welcome.
(Score: 0, Offtopic) by Arik on Friday January 17 2020, @06:17AM
The rate of transfer was far too high for a remote 'hacker.' It matches the speed of common USB hardware at the time, however.
If laughter is the best medicine, who are the best doctors?
(Score: 4, Insightful) by MostCynical on Friday January 17 2020, @02:58AM (9 children)
why, despite the number of cases of hacking/encryption ransomware attacks/etc, do large companies treat security as an after-thought?
CXOs are all too cool to listen to the "geeks"?
MBAs can see too many dollars (of potential $bonus money) going somewhere-that-isn't-their-pocket?
Also, how is it a researcher could lose 15 years of work? Isn't that the point of off-site, off-network backups?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Insightful) by Coward, Anonymous on Friday January 17 2020, @03:32AM (5 children)
Backup software can be misconfigured. Then people think they are safe, but when they try to restore the backup, it's not there. Do organizations have a check-your-backup day? If not, then some people will lose data.
(Score: 3, Interesting) by Common Joe on Friday January 17 2020, @10:17AM
Indeed. We should ban the word "Backup" and instead call it "Restores".
In more seriousness, we should probably be using the phrase "Backup and Restore" a lot more instead of just "Backups". It would combat a lot of this problem.
(Score: 2) by hendrikboom on Friday January 17 2020, @02:37PM (3 children)
How easy is it on most popular backup programs to check that a restore is possible without putting your primary data at risk in case the backup was corrupt?
(Score: 2) by deimtee on Friday January 17 2020, @08:38PM (2 children)
If you can't restore to alternative hardware then it is not a backup. So the answer is, "as easy as it is to get backup hardware".
Note that if your equipment is expensive, this might not be easy.
If you cough while drinking cheap red wine it really cleans out your sinuses.
(Score: 2) by hendrikboom on Saturday January 18 2020, @08:12PM (1 child)
More practical for corporations than for hobbyists. Even one modest laptop can break the budget.
(Score: 2) by deimtee on Sunday January 19 2020, @01:40AM
Yes, but the average hobbyist doesn't have to restore a working corporate environment either. They are generally only concerned that the files are not lost, they can build a new environment.
In either case the equipment does not need to be as powerful and expensive as the original, it just needs to be enough to show the files are accessible. Many of the times someone will need a backup are either hardware failure or lost/stolen equipment. In both cases a backup that needs to go on the original hardware is useless.
If you cough while drinking cheap red wine it really cleans out your sinuses.
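The restore check discussed in this sub-thread, as an added example that is not part of any comment above: the backup is restored into a scratch directory, never over the primary data, and every file is compared against a SHA-256 manifest written at backup time. The tar.gz format, the manifest layout, the function names and the sample files are assumptions constructed for the illustration.

```python
import hashlib, os, tarfile, tempfile, zlib
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(src_dir, archive_path):
    """Write a tar.gz of src_dir; return the manifest {relative path: sha256}."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for full in sorted(Path(src_dir).rglob("*")):
            if full.is_file():
                rel = full.relative_to(src_dir).as_posix()
                manifest[rel] = sha256_file(full)
                tar.add(str(full), arcname=rel)
    return manifest

def restore_drill(archive_path, manifest):
    """Restore into a throwaway directory (never the primary data) and verify it."""
    report = {"unreadable": [], "skipped": [], "missing": [], "corrupt": []}
    with tempfile.TemporaryDirectory(prefix="restore-drill-") as scratch:
        base = os.path.realpath(scratch)
        try:
            with tarfile.open(archive_path, "r:*") as tar:
                for member in tar:
                    dest = os.path.realpath(os.path.join(base, member.name))
                    if member.isreg() and os.path.commonpath([base, dest]) == base:
                        os.makedirs(os.path.dirname(dest), exist_ok=True)
                        with tar.extractfile(member) as src, open(dest, "wb") as out:
                            out.write(src.read())
                    elif not member.isdir():  # links, devices, paths escaping scratch
                        report["skipped"].append(member.name)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            report["unreadable"].append(str(exc))
        for rel, digest in manifest.items():
            path = os.path.join(base, rel)
            if not os.path.isfile(path):
                report["missing"].append(rel)
            elif sha256_file(path) != digest:
                report["corrupt"].append(rel)
    return report

def demo():
    """Constructed sample data: a good backup, then one taken after silent damage."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "primary")
        (src / "research").mkdir(parents=True)
        (src / "notes.txt").write_text("15 years of work\n")
        (src / "research" / "results.csv").write_text("a,b\n1,2\n")
        manifest = make_backup(src, Path(work, "good.tar.gz"))
        good = restore_drill(Path(work, "good.tar.gz"), manifest)
        (src / "notes.txt").unlink()                           # a path the job now misses
        (src / "research" / "results.csv").write_text("junk")  # silent corruption
        make_backup(src, Path(work, "bad.tar.gz"))
        return good, restore_drill(Path(work, "bad.tar.gz"), manifest)
```

Calling `demo()` returns the report for the intact backup followed by the report for the damaged one; an empty report is the only result that counts as a passed drill.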
(Score: 5, Insightful) by c0lo on Friday January 17 2020, @03:36AM (2 children)
Because insurance premiums are lower than paying for proper IT personnel.
This is why this FA is relevant (just a mild-to-low interest for me, though)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 5, Insightful) by sjames on Friday January 17 2020, @05:47AM (1 child)
Unless, of course, the insurance company finds yet another way of weaseling out of payment, then you're high and dry.
(Score: 2) by hendrikboom on Saturday January 18 2020, @08:15PM
Data loss is not usually covered. The insurance company can reasonably say you should have made backups.
(Score: 3, Funny) by aristarchus on Friday January 17 2020, @03:25AM (2 children)
Under the Laws of the Sea, Letters of Marque are sovereign, but "prizes" are subject to Admiralty Courts, in the nation issuing such Letters. So if the Insurer, and the Insured, are subjects of the same corrupt monarchy, then the insurance remains in effect. How is it that so many Soylentils are ignorant of the Laws covering Piracy on the High Seas? [youtube.com]
(Score: 2) by c0lo on Friday January 17 2020, @03:40AM (1 child)
Because Global Warming brings the number of pirates down [wordpress.com].
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Friday January 17 2020, @06:46AM
https://www.statista.com/statistics/778342/global-online-tv-movie-revenue-loss-piracy-country/ [statista.com]
(Score: 3, Insightful) by Gaaark on Friday January 17 2020, @03:52AM (2 children)
I want to see more of these types of ~~stories~~ failures: until the world sees Windows for the needless crap it is and finally packs the shite in. Gimme more!
---This message sponsored by Intelligent People Who Know Better Than to Use Crap.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday January 17 2020, @06:46AM (1 child)
How does another operating system guard against worms and email launched malware?
Most arguments seem to be about the care taken by users of other o/s.
Ergo replacing windows will not stop these failures. Need to replace the people.
(Score: 3, Insightful) by Arik on Friday January 17 2020, @07:48AM
By guarding against remote escalation bugs.
"and email launched malware?"
Email launched malware was an urban legend, something to scare the technically illiterate, before Microsoft made an email client.
"Most arguments seem to be about the care taken by users of other o/s.
Ergo replacing windows will not stop these failures."
We can grant the postulate but the rest does not follow.
Why do the users of other OSs take more care? Is it entirely selection bias?
Or is there something structural about the Windows system which discourages computer literacy?
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Friday January 17 2020, @05:28AM (1 child)
hacked by ransomware? seriously?
(Score: 1, Flamebait) by Arik on Friday January 17 2020, @06:13AM
If laughter is the best medicine, who are the best doctors?
(Score: 2) by looorg on Friday January 17 2020, @08:10AM (1 child)
"The Insurance Journal ..." so they are trying to find new and creative ways of declaring various forms of insurance payouts void? Since acts of war, and most other forms of force majeure, are normally not covered by insurance. They are just the biggest scam industry around, you sort of have to have some insurance but forgetting one payment and you are screwed but when you want money back from them there is a massive and lengthy process and you are probably only going to get minor fractions of what was lost if that.
(Score: 0) by Anonymous Coward on Friday January 17 2020, @04:33PM
That's what this is about. They don't want to pay, and they're trying to touch on certain memes in American discourse right now. Like Russia, Russia, Russia.
ORLY? Then why was the malware soliciting a whole $200 in English? "GRU" and other intelligence agencies openly solicit money? A nexus in the Ukraine? Probably because the masterminds are located in that corrupt shithole.
Now, if the insurance companies would like to argue that running Windoze is grossly negligent and not covered, I'll wholeheartedly agree.
(Score: 2) by jmichaelhudsondotnet on Friday January 17 2020, @01:39PM
1 giant evil corporation poisoning us all has really bad day,
2 say we need to get serious now about security lol
3 was accident, attack was at ukrainians
4 still only hit them because windoz
5 they mad
6 garbage insurance people bothered
7 saying this is act of war, whaaaaa lol
8 saying this is hacking when it is not even cracking
9 https://archive.is/U36hd [archive.is]
10 idea, if your security is breached those responsible for it INTERNALLY share equal responsibility to pay back the losses, including the entire executive staff and IT management who clearly have pooooooooor (or 1.3 billion poorer than they previously thought) judgement.
I bet under the requirements of #10 we would start to see some real sales hits to MS/unit8200. Other memes apply, you can't even be half sure microsoft doesn't just hand out backdoors to enemies of their senior staff at this point. I have been saying this for literally years/decades as have many sn folk, but for some reason you only get paid to restate obvious lies around here.
https://archive.is/HTALt [archive.is]
https://archive.is/SiNIS [archive.is]
I may be back with a new meme....i feel one brewing. My services are also for hire in case anyone needs help accurately predicting the future of other users with MS products.