What can we learn from the "most devastating" cyberattack in history?
As countries around the world fight increasingly destructive cyberattacks, Wired investigates what it calls "the most devastating cyberattack in history" in its September cover story. The cyberweapon NotPetya started in Ukraine in June 2017. It quickly spread, paralyzing major companies, including FedEx, Merck, and Maersk, the world's largest shipping firm. Ultimately it caused more than $10 billion in damage.
"We didn't know when this happened at the time, the kind of devastation it actually inflicted on these companies," said Wired senior writer Andy Greenberg, who adapted the article from his upcoming book, "Sandworm," about the Russian agents allegedly behind this attack.
"This was Russian military intelligence hackers unleashing a piece of malware using zero-day vulnerabilities — vulnerabilities we haven't patched in our systems that we maybe can't patch," he explained. "So it spreads unintentionally to the rest of the world. It was meant to be a cyberwar attack on their enemies in Ukraine."
Greenberg said it's difficult to prevent these types of attacks from what he called "ultra-sophisticated hackers." But according to Wired editor-in-chief and CBS News contributor Nicholas Thompson, resiliency may be key. He referenced a part in the article where Maersk was able to find one remote office in Ghana which had a power outage when NotPetya struck, and was able to get their network back online.
"Backing up your system, making an offline copy of all of your data, is one way to recover from this. When you get hit with a ransomware attack that encrypts your entire computer, that may be the only way," Thompson said. "You can't necessarily prevent that but you can have that offline backup as a recovery. This kind of resilience is maybe the solution."
Greenberg and Thompson both said a deterrent is important.
"What we need to do is first send a message to countries like Russia that this is unacceptable, this kind of reckless attack can't happen again," Greenberg said.
Thompson pointed to Facebook announcing on Tuesday that the company had removed more pages, accounts and groups linked to influence campaigns originating from Iran as well as Russia.
"Why are they doing that? Well, lots of reasons, but one is because there's no deterrence," Thompson said. "There were no consequences for Russia for what they did, so it's not surprising that the rest of the world is going to copy them."