Has Russia learnt from the fallout caused by NotPetya?

March 4, 2022 | Brigantia , Cybersecurity
Angus Shaw

Written by
Angus Shaw

Has Russia leant from the fallout caused by NotPetya?

In 2017, NotPetya was used in an attempt to seriously harm Ukrainian businesses, and it worked remarkably well. However, given that it was designed to self-propagate, it escaped the confines of Ukraine and set about causing chaos and mayhem around the world to the tune of an estimated £7.5 billion. For understandable reasons this did not make the alleged nation state behind the attack overly popular on the global stage.

As I write, Russia is sending in large numbers of troops to Ukraine and things are getting pretty fierce. What seems to be missing are the large numbers of cyber offensives that the world was expecting to go alongside this invasion. Instead there have been a couple of very targeted campaigns which look to have been specifically designed to not spread outside of the target arena.

The first is to try to take down Ukrainian government websites using DDOS attacks; no chance of those hurting anything that they are not aimed at. The second is the reported HermeticWiper which is malware designed to prevent computers from being able to boot up. The interesting element is that HermeticWiper has been designed to not self-propagate…

It seems very unlikely that whichever organisation made HermeticWiper simply forgot to build in the ability for this to go and infect everything by spreading in a virus-like fashion. That must mean that this is a deliberate act to produce a weapon that will only damage what it has been pointed at. The question is why?
Is it fear of this new weapon accidently attacking the side that made it? Or is it something more along the lines of an attempt to avoid releasing a new cyber weapon on the rest of the world? Given how unpopular the Russian invasion of Ukraine is across almost all of the world, it might be an attempt to not further anger other countries, and to not give them grounds to retaliate; being on the receiving end of a cyber weapon that is being used in a war could be seen as such grounds.

I don’t pretend to have the answer to this question. It may all change, and Russia may indeed launch an internationally devastating cyberattack, but this has not occurred yet in this conflict.

One thing is for sure though, nobody is safer as a result of what is going on. If you have been putting off building your cyber defences then now is the time to reconsider your position. Get professional help with this as it will be much cheaper in the long run.

Contact us

Recommended Reading

How MSPs can better protect their customers

MSPs these days are overburdened. With tens of different vendors to manage across various service offerings ...

NHS hit by a ransomware attack on third-party software service provider

NHS hit by a ransomware attack on third-party software service provider.   A ransomware attack on a ...

An interesting twist in ransomware

You've probably heard about the recent ransomware attack on Wootton Upper School and Kimberly College, both ...