OK, after 24 hours of monitoring this new Petya ransomworm outbreak, I am calling it.
This has been brewing under the surface for a few years, but now we are dealing with open cyber warfare here. Like it or not, as an IT Pro, you have just found yourself on the front line of 21st-century war.
Ukraine has been locked in a bitter proxy fight with Russia since the annexation of the Crimean peninsula and the separatist war in eastern Ukraine. Russia's GRU, the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, is likely behind this.
The official full name is Main Intelligence Agency of the General Staff of the Russian Armed Forces. The GRU is Russia's largest foreign intelligence agency. In 1997 it deployed six times as many agents in foreign countries as the SVR, the successor of the KGB's foreign operations directorate. It also commanded 25,000 Spetsnaz troops in 1997. Source: Wikipedia
The GRU has its own cyber armies and works together with sophisticated hacker groups like APT28, which also goes by Fancy Bear. These are typically the guys behind attacks like this. However, this particular infection is a new low, because its main goal is destructive, masked as a ransomware attack.
Vladimir Putin recently approved of Patriotic Russian Hackers. Well, this is what you get when you unleash those hounds: a lot of collateral damage, even including Russia's own major oil company Rosneft, ironically owned for a good chunk by Putin himself.
Make sure you have weapons-grade backups, patch religiously, and step users through new-school security awareness training.
Let's stay safe out there.
Founder and CEO, KnowBe4, Inc