AFP Contributor / Contributor
show image

Oscar Williams

News editor

NotPetya has been named “the most dangerous ransomware of 2017”

The NotPetya virus that paralysed some of the world’s biggest businesses in June has been named 2017’s worst ransomware attack.

Webroot researchers said they placed the strike above WannaCry because it was engineered to unleash chaos upon critical service providers.

Ukraine’s central government and national bank were among the first organisations to be hit by the virus. It went on to strike British advertising giant WPP, French construction materials company Saint-Gobain and several other global businesses.

While NotPetya masqueraded as ransomware, cyber security researcher, the Grugq, said the similarities with the previous Petya attack were only skin deep.

“This [malware] is definitely not designed to make money,” he said. “This is designed to spread fast and cause damage, with a plausibly deniable cover of ransomware.”

The president of Germany’s cyber agency, the BSI, later revealed that the virus had caused millions of euros of damage in the country, with some factories forced to stall production for more than a week.

The strike came just weeks after WannaCry ransomware, ranked second in Webroot’s list, forced doctors to cancel thousands of operations in the NHS. Both viruses relied on Windows exploits developed by the NSA and later leaked by hackers. Microsoft had already released updates to fix the flaws.

The National Audit Office reported last month that the WannaCry strike could have been stopped if NHS trusts had implemented the patches. The attack prompted the government to pledge an extra £50m for improving cyber security and patient data in the NHS.

David Dufour, vice president of engineering and cyber security at Webroot, said 2017’s cyber attacks were unparalleled: “Attacks such as NotPetya and WannaCry were hijacking computers worldwide and spreading new infections through tried-and-true methods.

“This list is further evidence that cybercriminals will continue to exploit the same vulnerabilities in increasingly malicious ways.”

The full list is published here.