Curious to know what Tuesday’s global cyber attack looked like inside the businesses that found themselves victim? Wonder no longer.
Daniel White, a cartographer who, in his spare time, runs a popular YouTube channel about computer viruses, published a video demonstration of the malicious software in action on Thursday. The demo had about 30,000 views at press time.
In the video, White, who goes by the online alias “danooct1,” spins up four virtual machines—computer simulations within another computer—each running versions of Microsoft Windows and connected on a local area network. The simulations contain copies of identical “dummy files,” which White uses to show the progress of the attack.
Get Data Sheet, Coins2Day’s technology newsletter.
Within minutes of setting the malware into motion on one of the machines, the infection spreads across the network and runs its destructive course. One by one, White’s dummy files are encrypted, rendering them into inaccessible, alphanumeric gobbledygook.
The malware—referred to as Petya, NotPetya, ExPet, Nyetya, along with other names—then forces the systems to reboot. When the computers come back online, their screens display false notes about “repairing” file systems until, ultimately, ransom notes demanding $300 in Bitcoin appear.
You can watch the full video below.
The cyber attack, which initially spread out of Ukraine, took down corporate networks at the Danish shipping company Maersk, American drugmaker Merck, Russian oil giant Rosneft, British ad agency WPP, and British law firm DLA Piper, among other places. To spread the attack far and wide, the perpetrators apparently used hijacked auto-update software from a Ukrainian firm, leaked U.S. National Security Agency hacking tools, flaws in Microsoft Windows, and common IT administrative software, researchers has said.
There has been some contention among security researchers about whether to classify this malware as a buggy piece of ransomware that, purposely or not, fails to provide a way for people to restore their systems, or as a “wiper,” intended from the outset to raze these networks. Both sides agree, however, that once infected, victims have little hope of recovering their data—even if they pay the demanded sum.