Portrait of a Digital Weapon - NotPetya
The nation-state use of cyber weapons is on the rise.
It’s obvious to see why when considering their advantages over traditional weaponry, as they can be deployed remotely to cause massive amounts of damage, and when covertly used lend an air of plausible deniability. Portrait of a Digital Weapon – NotPetya is second in a series that depicts the uses of these enigmatic weapons though an anesthetization of their components. When activated, this piece displays the decompiled code of the NotPetya malware, a virus that in 2017 targeted Ukrainian computers and caused over $10 billion in damages.
The virus, named after a similarly presenting ransomware called Petya, shut down large parts of computer systems in Ukraine and abroad on starting on June 27th, 2017. The following day, Ukraine’s Constitution Day, large portions of the countries computer systems were unusable. Government agencies like the National Bank of Ukraine were hobbled, the Kyiv Metro system had to revert to cash only, and large swathes of ATMs and commercial Point-of-Sale systems were wiped. It’s very method of distribution was calculated as an attack. NotPetya was unwittingly spread via the Ukrainian tax software ME-Doc – a country specific software that operates like Turbo-Tax – to target groups that would be paying Ukrainian taxes. Though it was modeled to appear as the Petya ransomware, it was ransom in name only, as once the ransom was paid there was no key sent to decrypt the files on an infected computer. Any computer successfully infected with the virus was in effect wiped, as all files contained within became encrypted without recourse.
Though there’s no smoking gun, multiple groups have attributed the use of this cyber weapon to a group within the GRU – Russia’s Foreign Military Intelligence Agency – nicknamed Sandworm. One aspect of note of the virus is that part of the code that made NotPetya so virulent was in fact stolen from the NSA – The USA’s Signals Intelligence Agency – and used after it was leaked online. Another block of code was lifted directly from a program called Mimicatz, a security tool developed by French Researcher Benjamin Delpy. Both were posted online to be used freely and ended up making their way into this deeply destructive attack. This was a Russian attack on Ukraine using US and French code that went on to infect computers around the world. What other weapons could claim such ripple effects?
2022 - UV Print on Plastic, Networking Hardware, Custom Electronics, Gilded Frame, and the Decompiled NotPetya Virus - 27” x 23” x 3”
https://en.wikipedia.org/wiki/Petya_and_NotPetya
Satellite imagery via Sentinel Hub
NotPetya sample via fabrimagic72 on GitHub
All images of this work on this page are free to use via the following creative commons license. A gallery of high-resolution images of this work can be found here - [Gallery]
