As the haze of speculation surrounding the recent massive global ransomware attack starts to clear, new allegations have emerged about a possible motive behind the incident.
The ostensible purpose of the so called Petya virus, which caused widespread damage across different continents, was to make money although it appears that those behind the attack made very little money out of it.
According to new evidence, the primary target of the crippling computer virus that spread from Ukraine across the world is highly likely to have been the Russian oil giant Rosneft.
Petya could have paralyzed thousands of machines at companies around the world — from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States.
Ukrainian politicians were very quick to blame Russia, but a Kremlin spokesman dismissed “unfounded blanket accusations.” Kiev has accused Moscow of two previous cyber strikes on the Ukrainian power grid and other attacks since Russia annexed Crimea in 2014.
But it was conveniently overlooked by some that Rosneft, Russia’s largest oil producer, was particularly hard hit, debunking initial theories that Moscow was behind the cyber attack, the second major incident of its kind in recent months. It has been asked: why would Russia want to cause an attack which could have paralyzed one of its own companies?
As cyber security firms try to piece together who was actually behind the computer worm, it has now been alleged that the massive hacker attack that hit Rosneft and others was related to the company’s ongoing court action against rival Sistema.
A growing consensus among security researchers, armed with technical evidence, suggests the main purpose of the attack was aimed at Rosneft with other victims, in Ukraine and elsewhere, merely intended as cover.
According to a Russian investigative journalist, the sole objective was to destroy documents held by Rosneft relating to the company’s on-going litigation against Russian conglomerate Sistema and its major shareholder Vladimir Yevtushenkov.
The journalist, writing under a pseudonym for fear of reprisals, wrote: “Even if we do not directly state that Sistema was responsible who from Russia could mount such a powerful attack? Who else but Vladimir Yevtushenko’s company? His company MTS is one of the leaders in the IT industry.” MTS, Russia’s largest telecoms company, is part of Yevtushenkov’s Sistema conglomerate.The journalist said that the aim of the attack was “clearly different” to the theories put forward so far.
He added: “It is interesting that 30 minutes after the attack there was an attempt to spread rumours that Rosneft’s oil rigs had allegedly stopped and production output had been cut by a third. According to information from our sources, these rumours bore no relation to reality.Rosneft earlier this year filed a lawsuit against Sistema for 170 billion rubles, or about €2.8 billion.Sistema lost over a third of its market value after Rosneft launched the court action.
Last week, a Rosneft spokesman said, “We hope the attack has no relation to the ongoing court procedures,” referring to the ongoing litigation against Sistema. Rosneft accuses Sistema of taking $3 billion in assets from Bashneft, an oil company that Rosneft now owns.
Rosneft says that the 27 June cyber attack “could have led to serious consequences,” but for the fact that it switched to a backup server system and its drilling operations had not stopped.
Sistema is owned by oligarch Yevtushenkov, and the litigation is seen as part of a feud between him and Igor Sechin, Rosneft’s chief executive.A court in Russia recently froze Yevtushenkov’s holdings in MTS, Russia’s largest mobile operator.
As investigations continue experts are increasingly of the view that the malware was disguised as an extortion attempt but in fact was designed to destroy files.This leads to an uncomfortable question: what if money wasn’t the point? What if the attackers just wanted to cause damage to a rival company?
The theory is that, rather than extortion, the goal of those behind the devastating Petya virus may have been not only to simply destroy potentially vital documents related to a domestic court case in Russia, but also to paralyse Russia’s biggest company.
If so, the collateral damage spread far beyond Russia’s borders. Whatever the reason, the damage caused reached a truly global scale.