Malware & other nasty IT / cyber things

[OUTLAW 09]

One interesting item is the limited execution time of 60 minutes.

I'm not a cyber SME, but I wonder where 60 minutes sits on the continuum?

If on the low end, and assuming it was done so intentionally, does that mean this might have been meant as both an intentional attack(not ransomware) on Ukraine as well as a message NATO/EU/US unlikely to draw a direct cyber counterattack?

To me, if the 60 minute execution time is quite short, then it would seem to be designed to burn out like digital Ebola with a limited incubation period, instead of lingering like the Plague.

You have some interesting comments....there is nothing by accident on this malware....appears to be sloppy in coding but highly destructive when unleashed...appears to be ransomware but it is really a wiper of MBF of computer...and interestingly when detected by say AV or MS Defender software it immediately starts to destroy the MBF with no hesitation whatsoever...

Coupled with a LASDump hacking tool designed to collect all passwords laterally from the infected pc as well as all lateral domain servers and pass that info via exfil then this was in fact a highly thought through cyber attack...setting up the network for future easier attacks...

BTW..you are correct..by appearing to be at first a ransomware they slide under the Article 5 radar......that was intentional...

Alone the damage to Maersk Shipping was a total of 480M USDs...that is a lot of damage for a so called ransomware.

PLUS the choice of targets were exactly what you would expect from a direct cyber invasion...banks and ATMs, fuel points, food stores, radio and TV and social media, transportation ground and air and the central bank....all designed to create panic and confusion in the first hours...

https://www.theguardian.com/technolo...ukraine-russia

A ransomware attack that affected at least 2,000 individuals and organisations worldwide on Tuesday appears to have been deliberately engineered to damage IT systems rather than extort funds, according to security researchers.
The attack began in Ukraine, and spread through a hacked Ukrainian accountancy software developer to companies in Russia, western Europe and the US. The software demanded payment of $300 (£230) to restore the user’s files and settings.
The malware’s advanced intrusion techniques were in stark contrast with its rudimentary payment infrastructure, according to a pseudonymous security researcher known as “the grugq”.

The researcher said the software was “definitely not designed to make money” but “to spread fast and cause damage, [using the] plausibly deniable cover of ‘ransomware’”.
This analysis was supported by UC Berkley academic Nicholas Weaver, who told the infosec blog Krebs on Security: “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.”