Ransomware as Camouflage, and More Diversions

[Dear Reader: please note that The Guardian has no paywall (yet), so if you read the article linked to below, you should really think of making a donation.  All the more so since journalists are under serious attack.]

The uproar over the somewhat-misnamed “Petya” ransomware attack has largely drowned out the near-certainty that the “ransom” part wasn’t the half of it.  Experts point to many clues that imply the malware was most probably a destructive virus disguised as ransomware—and its primary target was the government of Ukraine. See this article in The Guardian, and scroll down to the part titled “Who is behind the attack”:

More on “Petya” from The Guardian

There’s a deeper deception probably going on. One of the early targets was the Russian oil company Rosneft, but Rosneft reported its drilling operations were unaffected due to switching to a backup server system. Russian banks were also hit, but so far no disasters have been reported; the Russian central bank referred to “isolated cases” of infection.

But Ukraine got clobbered with disruption of the power grid in addition to banks, energy companies, and the capital’s airport. Otherwise, the targets appeared to have been picked almost at random—for example, the candy manufacturer Mars Inc. (At news of the last victim, droves of shoppers were observed ducking out of supermarkets with sacks full of M&Ms,  Snickers bars, and Three Musketeers bars.  I have not heard of a statement from Mars [the company, not the planet] yet.)

I hate to be accused of being a conspiracy theorist, but it appears that attacks on firms like Rosneft, Danish shipping company Maersk, and pharmaceutical giant Merck, were mere feints designed to distract attention from the primary target, Ukraine—the country where the malware originated and was the country most damaged by the attacks. You have to ask yourself (or ask me, I have a hunch) why Rosneft so easily dodged the bullet with backup servers; how did they know the bullet was coming?

The whole operation has all the signs of being initiated by that master trickster and leader of a major country with designs on Ukraine. So as not to be thought of as committing slander, I will not identify him except to say that his initials are V.V.P.  (patronymic included).




Leave a Reply

Your email address will not be published. Required fields are marked *