Beginning of the End: NotPetya Arrest and Aftermath
The global cyber attack known as NotPetya was one of the most devastating criminal campaigns that affected several companies and countries globally. Since the attack at the end of June, investigators have been on a manhunt for those responsible for the attack. Recently, an arrest has been made of a 51 year old Ukrainian man who, at this time, remains unnamed to the public. The man was arrested for allegedly distributing NotPetya. The man is a resident of Nikopol and was arrested in a raid on his house. This raid happened very shortly after he posted a video describing where to download and how to launch NotPetya.
Intent for Distribution
Despite the use of a full raid to apprehend the man, the police don’t seem to suspect the man of being directly involved with the original outbreak of NotPetya. However, the man did seem connected to another scheme that involved NotPetya. The man explained to police that after the attack took place in June he downloaded the virus to his file sharing server. He then proceeded to link the uploaded file to his blog. The intention for this became a little more clearer as police continued investigating his home. The malware seems to have been downloaded more than 400 times by people intentionally seeking to infect their devices. Police also found a list of companies that decided to use NotPetya as a means of concealing their own criminal activity and avoiding fines. It’s still not clearly defined what the intention of the man or if he was involved with these companies so far.
Blame for Original Attack
On July 1, 2017, the Security Service of Ukraine issued a statement accusing Russia for the infamous cyber attack. This was echoed by NATO’s cyber researchers as well, who even called for a retaliation against whichever state was proven to be responsible. Tomáš Minárik, specifically, had stated that NotPetya could be considered a violation of sovereignty and thus allows for retaliatory action. This attack only added to international tensions; however, the attack did affect Russian companies as well.
Impacts of the Attack
NotPetya has definitely shifted the paradigm on many fronts, including legal and financial. Legally, the world may see it’s first ransomware-based class action lawsuit. A Ukrainian law firm, Juscutum Attorneys Association, has decided to seize the opportunity as organize a class action lawsuit with the hopes of rallying victims of the attack. The lawsuit itself would be against M.E.Doc the company that became a vector and distributor for the attack that affected companies internationally. The lawsuit is still in the development phase and may or may not see a courtroom. The chances of the lawsuit succeeding seem high though.
Financially, NotPetya had a devastating effect for some of the victims of the cyber attack. Some companies released information to their shareholders about the impact of the attack, others releasing statements.
Moller-Maersk was one of the high profile organizations impacted, their main industry is maritime shipping. Moller-Maersk stated in a report to shareholders in which they stated “…negative results impact from the June cyber-attack estimated at a level of USD 200-300m, of which the majority relates to lost revenue in July. The vast majority of the impact of the cyber attack was in Maersk Line.”
Another high profile company was the French multinational company called Saint-Gobain who was impacted as well. In a press release Saint-Gobain stated that the cyber attack caused disruptions to their supply chain and shut down their information systems. Normal operations were not achieved until July 10. They have stated: “the negative impact is estimated at less than €250 million on sales and €80 million on operating income.”
FedEx who was also a victim of the attack, and they have stated they’re still trying to figure out the impact of the attack that halted their operations globally. So far, FedEx has been unable to determine the full cost the attack, and they have confirmed that the attack is an uninsured loss for the company.
Hopefully, we’re beginning to see the end of NotPetya, the arrest of the 51 year old man in Ukraine has hopefully brought investigators one step closer to preventing another outbreak. We’re now able to see the full cost of what one ransomware attack can have on a company. The threat posed by ransomware or any malware can be devastating. It’s best to be protected as much as possible.