Andy Greenberg published in WIRED an excerpt from his book Sandworm on the history of the largest hacker attack, called NotPetya, which paralyzed ports, corporations and government agencies.
On 27 July 2017, the largest logistics conglomerate, A. P. Møller-Maersk, headquartered in Copenhagen, came under a hacker attack: after a sudden reboot, the company's computers began to display a message about the encryption of all data, with a ransom demand of 300 million dollars in bitcoins.
When the whole office was covered by a wave of “black screens” and the staff panicked, the scale of the crisis became apparent. Even the corporate key was paralysed by the virus. It took Maersk’s technical staff 2 hours, working in panic mode, to disconnect the company’s global network. After that, most employees received an order to turn off their computers and leave the workplace. The system responsible for 76 ports and 800 ships around the world was completely paralyzed: almost 1/5 of the world’s logistics capacity was frozen.
On this day the family company Linkos Group, located in the heart of Kiev and engaged in optimizing the accounting system M.E.Doc, became the “zero mark” for the launch of the largest hacking attack ever, named NotPetya.
The hackers introduced code that spread automatically, quickly and indiscriminately, infecting computers around the world, said Craig Williams, director of the Talos division at Cisco, which was one of the first able to trace the roots of the attack:
“Today, it’s the fastest spreading virus we have ever met. Grab it for a second and your database will be lost”
The Cyber Threat Alliance stated that the program EternalBlue was stolen from the US National Security Agency (NSA) last year by a hacker group, the Shadow Brokers, who posted the program code publicly. The code was then used in the high-profile attacks WannaCry and NotPetya. The developers of NotPetya also used Mimikatz, a tool created by a French cyber-security expert.
The launch of NotPetya was the beginning of a cyberwar. A few hours after activation, the virus crossed the borders of Ukraine, infecting computers around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. The virus affected international companies such as Maersk, Merck, FedEx, Saint-Gobain, Mondelēz, Reckitt Benckiser and Rosneft, which led to losses of more than $10 billion, according to estimates by the White House.
Russert, a security adviser to the Trump administration, said in February that the main suspect in the largest attack is the Russian military, which is attacking Ukraine:
“And although there were casualties, it was equivalent to the explosion of a nuclear bomb, from the point of view of tactics. Acting with reckless indifference of this magnitude on the world stage we can’t accept”
The scale of the attack showed the vulnerability of systems around the world, and the main goal of the attack was not disclosed. At Davos, the opinion was voiced that the attack was a “very important but very expensive wake-up call”.