NotPetya is NOT Ransomware

[straycat19]

I received the following in an email from a security researcher who owns his own company and is nationally known but probably wouldn't like having his company or name associated with nsane.  So I will not include that information.  But the information in the email is accurate and has been verified by multiple security professionals.

 

Email:

 

NotPetya is a destructive disk wiper similar to Shamoon which has been targeting Saudi Arabia in the recent past.

 

Note that Shamoon actually deleted files, NotPetya goes about it slightly different, it does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

 

Someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. Guess who.

 

You never had a chance to recover your files. There are several technical indicators that NotPetya was only made to look as ransomware as a smoke screen:
1.It never bothers to generate a valid infection ID 
2.The Master File Table gets overwritten and is not recoverable 
3.The author of the original Petya also made it clear NotPetya was not his work 

 

This has actually happened earlier. Foreshadowing the NotPetya attack, the author of the AES-NI ransomware said in May he did not create the XData ransomware, which was also used in targeted attacks against Ukraine. Furthermore, both XData and NotPetya used the same distribution vector, the update servers of a Ukrainian accounting software maker.

 

Catalin Cimpanu, the Security News Editor for Bleepingcomputer stated: "The consensus on NotPetya has shifted dramatically in the past 24 hours, and nobody would be wrong to say that NotPetya is on the same level with Stuxnet and BlackEnergy, two malware families used for political purposes and for their destructive effects. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware."