The latest global ransomware attack has been spreading fast, causing major disruption at large firms, airports, and government departments. Here's what you need to know.
The Petya cyber attack is spreading across the world.
Many organizations in Europe and the US have been attacked by the ransomware called Petya. Not a month ago, the WannaCry ransomware tore through the UK and Europe, causing damage on a heightened scale. Ransomware attacks have been pretty common lately, but this one had a secret weapon: a sophisticated software exploit known as EternalBlue.
EternalBlue is a tool created by the National Security Agency (NSA) and leaked online by the Shadow Brokers that exploits a problem in Microsoft's software. Experts believe that Petya could have used EternalBlue, as WannaCry did. Instead of focusing on poorly patched systems like WannaCry, Petya seems to have hit hardest among large corporate networks, a pattern that's partially explained by how the virus spread.
What is the Petya cyber attack?
Petya could be a variant of Petya.A, Petya.D, or PetrWrap that locks a computer’s hard drive as well as individual files stored on it. The post from Kaspersky notes, “This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within corporate networks.”
Where did it begin?
A wave of ransomware attacks spread like wildfire on Tuesday. Ukraine and Russia were the first countries to fall prey to the Petya cyber attack. Soon the victims spread across countries including Britain, France, Germany, Italy, Poland, India, and the United States.
Many systems that had not been patched against the Microsoft vulnerability began seizing up worldwide, locking employees out of their desktops and displaying on-screen demands for payment of $300 in Bitcoin when they tried to access their files and folders.
Should you pay the ransom?
The general advice is no, you should not pay the ransom. Even if you pay, there is no guarantee the files and folders will be returned. Funding cyber crime also encourages the attackers to develop further attacks in future. Users are advised to restore all files from a backup. If this isn't possible, don't lose hope. There might be some tools that can decrypt and recover some information. Also, use anti-virus software and keep it updated.
Who is behind the attack?
A pseudonymous security expert noted that the real version of Petya was a criminal enterprise for making money. However, the new version is a test disguised as ransomware, built to spread fast and cause damage, particularly to the Ukrainian government.
The payment mechanism in the malware is useless, because it is rather like sending your personal cheque to "Petya payment" itself. This payment pipeline is possibly the worst of all options.
How can it be stopped?
The WannaCry attack was crippled by the kill switch, which was accidentally discovered by a security researcher in the UK. That attack failed because the attackers couldn't handle the number of victims they created. But this time they became more professional. There is no kill switch in this case, meaning that Petya might be harder to stop than WannaCry. The security experts note that unless the hackers made a mistake, the data can't be accessed.
However, there are a few simple steps businesses can take to protect themselves. Make sure to apply Microsoft patch MS17-010 and block connections to Microsoft Windows port 445, the part of the operating system associated with the vulnerable protocol. Finally, maintain regular data backups, and use them to restore systems.
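Blocking port 445 only helps if no earlier firewall rule quietly lets it through. The following is an added example, not part of the original article: a short Python audit of an exported rule list that reports inbound rules still admitting TCP 445. The CSV column layout, the first-match rule ordering and the sample rules are assumptions constructed for the illustration.

```python
import csv
import io

SMB_PORT = 445  # the port the article says to block

# Constructed sample export; the column layout is an assumption of this example.
SAMPLE_RULES = """\
order,action,direction,protocol,ports,source
10,allow,in,tcp,443,any
20,allow,in,tcp,135-1024,10.0.0.0/8
30,block,in,tcp,445,any
40,allow,in,any,any,192.168.1.0/24
50,allow,out,tcp,445,any
"""

def covers_port(spec, port):
    """True if a ports field ('any', '445', '135-1024', '80,445') includes port."""
    spec = spec.strip().lower()
    if spec == "any":
        return True
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False

def smb_exposures(rules_csv, port=SMB_PORT):
    """List (order, source) of inbound allow rules that admit TCP `port`.

    Rules are evaluated first-match in ascending order, so anything after a
    block-from-any rule for the port is shadowed and not reported.
    """
    rows = sorted(csv.DictReader(io.StringIO(rules_csv)), key=lambda r: int(r["order"]))
    exposed = []
    for rule in rows:
        matches = (rule["direction"].lower() == "in"
                   and rule["protocol"].lower() in ("tcp", "any")
                   and covers_port(rule["ports"], port))
        if not matches:
            continue
        if rule["action"].lower() == "allow":
            exposed.append((int(rule["order"]), rule["source"]))
        elif rule["source"].lower() == "any":
            break  # blanket block reached; later rules cannot admit the port
    return exposed

if __name__ == "__main__":
    for order, source in smb_exposures(SAMPLE_RULES):
        print(f"rule {order} still admits TCP {SMB_PORT} from {source}")
```

In the sample, the port-range rule at order 20 sits ahead of the explicit block, so port 445 remains reachable from that source even though a block rule exists.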
Has it affected any company in India yet?
Most Indian markets depend on Windows XP, so there is a high chance of being attacked, and it is high time that enterprises took the issue of security updates seriously.
On Wednesday, operations at one of three terminals at India's largest container port, Jawaharlal Nehru Port Trust, were disrupted by a global ransomware attack. But it is not clear whether it was caused by the Petya variant.
According to the CEO of security firm Forcepoint, this Petya cyber attack shows how easily hackers can gain access to corporate infrastructure, and the motivation behind these attacks needs to be studied. Every organization needs to invest in cyber security; otherwise, massive attacks with economic, employee and public safety ramifications will continue.