Why was Petya bigger than WannaCry?

Why was Petya bigger than WannaCry? | Insurance Business

Why was Petya bigger than WannaCry?
The global cyberattack originally dubbed Petya, and later reclassified as NotPetya, spread through Windows computers throughout Europe and into the US.

The ransomware assault demanded $300 for stolen data the hackers threatened to erase – and has once again put cyber insurance on brokers’ radar, according to Graeme Newman, chief innovation officer at CFC.

“It is important for brokers to understand that the threat is very real and can be of huge cost to businesses,” he said. “The nature of crime has changed – moving from real world physical crime, to electronic crime. The insurance policies that we buy today need to be fundamentally different to the ones from yesterday. That’s where cyber insurance fits in.”

Search and compare product listings for Cyber Insurance from specialty market providers here

But what’s the value of cyber insurance if it only costs $300 to get your data back?

“The ransom is not really the cost that is being insured – it is the system damage, repair and business interruption (which can run in to millions),” Newton said. “In the case of NotPetya the email address and Bitcoin wallet provided to pay the ransom were quickly shutdown meaning you couldn’t pay if you wanted to.

“Incidentally though we are now seeing a steady increase in the amounts demanded, we actually saw a $1 million demand embedded within some ransomware recently.”

Newton contends that this hack did more damage than WannaCry, it’s very recent ransomware predecessor.

“The ‘payload’ for this particular piece of malware was far more destructive than Wannacry and in fact any type of ransomware we’ve seen previously,” he said. “Rather than purely encrypting files, NotPetya acted as a wiper virus (similar to Shamoon) that destroys the master boot record on a computer making it much more expensive to repair and reconstitute. The major difference between WannaCry and NotPetya however came in how they propagated.

“WannaCry was a true worm, meaning that it automatically spread across the internet jumping from computer to computer. NotPetya did not act like a true worm, it was simply designed to spread across the local network of an infected host. This means that infections peaked very quickly. So bottom line is it infected more computers far more quickly, but the infection peaked early. The costs incurred for those companies infected with NotPetya will be significantly more than those with WannaCry.”

The virus seems to have originated in a regular update with the intention of disrupting Ukrainian financial dealings.

“It appears the infection spread from an automatic update issued by a Ukrainian tax accounting software firm,” Newton explained. “This appears to be a very targeted attack against the Ukraine with a motivation of destruction rather than financial gain. The businesses hit outside of the Ukraine were merely collateral damage.”


Related stories:
Huge global breach could cost firms 10 times more than WannaCry
Why the cyber insurance market is changing