Ukraine’s security service SBU is now taking help from the FBI, Europol, the UK’s National Crime Agency and some others to find the culprits behind last week’s Petya malware attacks.
The Petya malware attack compromised Ukraine’s power grid, its central bank, and two postal services by exploiting tax filing software.
Ukrainian authorities had confirmed earlier this week that, while they had initiated an investigation into the cyber-attack, they were reasonably convinced that the attack was sponsored by Russia. Despite being assisted by Cisco, the authorities have not been able to pinpoint the source of the Petya cyber-attacks so far.
To quicken the pace of their investigation, the country’s security service SBU today confirmed that they are taking help from a number of international security agencies and organisations to identify the culprits behind the malware attacks.
“The SBU specialists in cooperation with the experts of FBI USA, NCA of Great Britain, Europol and also leading cyber security institutions, conduct coordinated joint events on localization of damaging software Petya distribution, final definition of methods of this act of cyber terrorism, establishing of the attack sources, its executors, organisers and paymaster,” the SBU said.
The Petya cyber-attacks had destabilised operations in banks, media organisations, communication facilities, transport, telecommunications, and energy departments. Among the hardest hit were Ukrtelecom, Dniproenergo, Ukrzaliznytsia, Kiev-Boryspil Airport, and the Cabinet of Ministers of Ukraine. Aircraft manufacturer Antonov was also reportedly hit.
The SBU also said that authorities were focussed on “the search of possibilities for data decoding and groundwork of guidelines for prevention of virus distribution, neutralization of other negative consequences of this emergency.”
The reason so many agencies from across the world are coordinating in researching the cyber-attack is that, even though Ukraine has been the hardest hit, the cyber-attack has also affected operations at global firms such as Danish shipping company Maersk, Russian oil giant Rosneft, aircraft manufacturer Antonov, and US pharmaceutical giant Merck, as well as its subsidiary Merck Sharp & Dohme (MSD) in the UK.
“This isn’t about the money. This attack is about disabling how large companies and governments can operate. You get a double whammy of the initial cyber attack and then organizations being forced to shut down their operations,” said Brian Lord, a former deputy director of intelligence and computer operations at Britain’s Government Communications Headquarters to The New York Times.
“The most significant discovery to date is that the Ukrainian website for the Bakhmut region was hacked and used to distribute the ransomware to visitors via a drive-by-download of the malicious file. To our knowledge, no specific exploits were used in order to infect victims. Instead, visitors were served with a malicious file that was disguised as a Windows update,” noted researchers at Kaspersky Lab.