How a sophisticated malware attack is wreaking havoc on Ukraine

June 28, 2017 at 6:30 PM EDT
Governments and industries the world over are trying to deal with a new cyberattack, originating Tuesday in Ukraine and spreading rapidly through Europe and beyond. The new attack shows signs of greater technical sophistication than one in early May, but both apparently used a leaked tool developed by the NSA. Hari Sreenivasan speaks with Rodney Joffe of Neustar, Inc., about what's at stake.

JUDY WOODRUFF: As we reported earlier, governments and industries the world over are trying to deal with the effects of the latest in a series of cyber-attacks. The so-called ransomware assault is the second such strike in the last six weeks.

Hari Sreenivasan in New York has more.

HARI SREENIVASAN: This attack originated yesterday in Ukraine, and rapidly spread through Europe and beyond. The virus is called Petya, and it takes over infected computers, effectively locking out users.

A payment is required to return control of the machine and data. In early May, a similar virus called WannaCry spread to over 150 countries.

This new attack shows signs of greater technical sophistication, but both apparently used, in part, a tool developed by the U.S. National Security Agency, a tool that was leaked into the open last year.

With me now for more on this is Rodney Joffe. He is the senior vice president and national security executive for Neustar, a cyber-security firm.

Rodney, it seems that we have not learned that much from what happened two months ago, but it seems that the attackers have learned a little bit more.

RODNEY JOFFE, Neustar, Inc.: There’s no question that this is more sophisticated.

When we look at the code, when we look at the mechanism that was used, this one is much more sophisticated. It actually uses three different vectors we have seen so far. The vector you’re talking about that was used in WannaCry is the third option that is used by this one. It uses two others, but the damage is much more significant in this case.

This is not looking so much like ransomware anymore, but it’s starting to look like it’s a deliberate attempt to cause havoc by destroying machines.

HARI SREENIVASAN: Is this something that a hacker collective would do, or is this something that a state government would be interested in doing, destabilizing Ukraine from all of these companies that do business with it or pay taxes to it?

RODNEY JOFFE: You know, it’s real tough these days to tell where the dividing line is between the criminals and nation states, and they really do work hand in hand, especially in Eastern Europe.

But if you look at this, the criminals are obviously out there for financial gain. This was set up in such a way that there’s very little chance of much in terms of financial gain.

I think, as of last evening, by the way, there was $10,500 that had actually been paid into this wallet. And I have got to tell you that the effort that went into writing the code and distributing it clearly cost a lot more than $10,500.

HARI SREENIVASAN: What is the measurable impact on Ukraine going forward?

RODNEY JOFFE: I think that the biggest problem that they’re going to be facing is the fact that the ability to pay taxes to the state is seriously affected.

We have seen images that were tweeted of things like supermarkets where the checkout systems had been compromised — and we’re showing the screen. We also see the very large — obviously, the multinational shipping line that has now been affected.

So, it looks like a deliberate attempt to cause some kind of significant financial impact, not just on the citizens of Ukraine, but on Ukraine itself.

HARI SREENIVASAN: You know, when you said you noticed differences in the design between the WannaCry and this, do we have any indication that paying these people off actually gets you your data back, or was it not even designed to do that?

RODNEY JOFFE: Theoretically, it was designed to do that, but it’s clear so far that the mechanism that was put in place to actually collect ransom is nowhere near the sophistication of the malware itself.

And you don’t think that someone would have made that kind of mistake, built something that was very, very effective to compromise, and no real ability to collect.

We haven’t seen or heard of anyone so far who has been able to decrypt it. And what we also know is that, within a very short time after the malware was discovered, the single e-mail address that was needed to communicate with was actually shut down by the provider.

So that’s one reason that I believe that no one is going to be able to easily get their data back. The second thing is that there are reports that are surfacing now, as folks have looked at the code, that there is at least one bug in the code that actually makes it so that decryption is not possible.

HARI SREENIVASAN: Are the rest of us basically collateral damage when it comes to what’s happening, say, between Ukraine and Russia? This is falling on the day now where this is Constitution Day for Ukraine. They’re celebrating their independence from Russia, what, 21 years ago.

RODNEY JOFFE: We clearly are collateral damage. This was obviously targeted at Ukraine.

But it is affecting others. However, one of the things that we have learned in the past is that, in many ways, the people behind a lot of the malware don’t care about the collateral damage. They have a single target or a single objective, and they don’t really seem to care. We have seen that for years. This is no different.

HARI SREENIVASAN: Rodney Joffe joining us from Washington, D.C., tonight, thanks so much.

RODNEY JOFFE: Thanks for having me.