When the Wannacry ransomware tore through the UK and Europe in May, there was a certain logic to the heightened scale of damage. Ransomware attacks were nothing new, but this one had a secret weapon, a sophisticated software exploit known as EternalBlue, published by the Shadow Brokers in April and believed to have been developed by the NSA.
It was nation-state level weaponry turned against soft, civilian targets, like robbing a small-town bank with an Abrams tank. If you were looking for answers on how it spread so far so fast, you didn’t have to look far.
Petya is still using EternalBlue, but by now many of the target organizations are protected, and that exploit is far less crucial to the ransomware’s spread. Instead, Petya exploits more fundamental vulnerabilities in the way we run networks and, more crucially, deliver patches. They’re not as eye-catching as an NSA exploit, but they’re more powerful, and could leave organizations in a much more difficult position as they try to recover from today’s attacks.
