“Besides Ukraine being the epicentre of Petya ransomware, many countries across Europe came under the disastrous impact”
It’s time for companies to seriously rethink their managed security services and strategies in light of the recent Petya ransomware attack. While the world had not yet completely stepped out of the haze of the WannaCry ransomware, which quickly spread and infected hundreds to thousands of computers, the recent Petya cyber-attack infected more than 60 percent of systems in Ukraine alone! Some of the most critical infrastructure across the country fell victim to the virus, including the central bank, metro transport routes, the airport and, worse, the Chernobyl Nuclear Power Plant. This forced the management to drastically shift their radiation-sensing systems to manual. From Ukraine, the attacks proceeded to Spain, Germany, Israel, the Netherlands, the US and the UK.
Many lead scientists and principal engineers serving the IT sector described this ransomware attack as “massive”. This is because energy companies, bus stations, gas stations, the power grid, banks and airports are being targeted. It is rather an “improved” version of the previous WannaCry and did not repeat the same mistakes.
With Petya, speed is one of the primary factors that lets the virus spread like crazy. The majority of infections have taken place in Ukraine, Poland and the Russian Federation. Other experts confirmed that this particular ransomware hit multiple locations, locking computers with an encryption key and asking for $300 in Bitcoin to decrypt the files.
A word on Petya ransomware
Petya is categorised as malware that has existed since 2016, and many anti-virus firms have said that the virus has been modified to a much more dangerous level, with a tendency to spread as a worm. Managed security service providers are overwhelmed trying to keep up with the pace of modifications to their existing strategies. IT industrialists and researchers claim that all previous versions of Petya shared their code; this particular version, however, is different. Because it varies slightly from previous attacks, this version of Petya is being dubbed NotPetya. It has been purposely altered to speed up the attack, with the ransomware serving rather as a plausibly deniable cover.
A Russian security company declared it a complex cyber-attack, one that has been modified by the same entity that created it. So far, reports of Petya ransomware are gradually rising, with the full picture yet to be seen. Reports based on early analysis may therefore be wrong, whereas more detailed inspection of the code, alongside enhanced managed security, would reveal details to a much greater extent.
Regardless of the clouded facts surrounding Petya, there have been confirmed reports of this ransomware spreading speedily, with Europe being the primary target.
Companies that have been hit
Among the most high-profile victims of Petya ransomware, the renowned shipping firm Maersk said its IT systems went offline following the closure of multiple sites and business units due to the cyber-attack. The Russian petroleum company Rosneft also fell victim to the attack, along with the Chernobyl Nuclear Power Plant, which was a truly hair-raising incident. The well-known pharmaceutical company Merck was also hit by the malware.
Spreading of the virus
Much like many other malware families, Petya locks a computer by encrypting files, mostly on computers that are vulnerable to such attacks. A common message displayed that indicates infection is:
“If you see this text, then your files are no longer accessible because they have been encrypted”, with some even demanding Bitcoin payment for decryption.
Security companies are highly confident that Petya uses the same software exploit in Microsoft products as the previous WannaCry. This is a new breed of ransomware with an evil twist: it locks the entire disk, rendering it completely useless. It encrypts the Master File Table (MFT) of the filesystem, so the operating system is unable to locate the files.
While fortifying managed security is undeniably important, a simple way to avoid becoming a victim of Petya ransomware is to avoid opening unknown emails, especially those with attachments.