Reply to post: Re: Lots of fishiness here.

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

thames

Re: Lots of fishiness here.

@John Smith 19 - The whole thing has more of a smell of an inside job in the Medoc software company. My own list of suspects would start with recently terminated sys admins.

The activation date is simply explained by the fact that this is targeting businesses, whose PCs would often be shut down on a holiday. The file types targeted also point to businesses as the target, since MS Word documents are going to be more common and more valuable than photographs in most cases.

A current or former sys admin may have access to the update servers, and he may also have the contacts in the Ukrainian hacker community to get a virus commissioned for the job. He wouldn't, however, necessarily be familiar with the money-making end of the ransomware business, and underestimated the effort required to put together a robust payments system (as many, many software developers do when it comes to legitimate business).

There are loads of incompetent virus operators and spammers out there. I get loads of spam where the sender didn't configure their software properly and sent a blank template or forgot to attach the virus payload. We don't need to over-think the whole issue. If the Russian state were behind it, I would be very surprised if they fell short of making a convincing effort by not getting the payments end of things set up properly. They would in fact probably simply outsource the whole job to a criminal virus/ransomware gang who were well versed in how to do things properly end to end and who would simply collect the money as usual.

The balance of probabilities suggests a botched criminal inside job by someone who had access to the means of distribution but wasn't experienced in running a ransomware operation.
