After WannaCry, Brutal ‘Petya’ Boo Global Security Cult
The strain of ransomware being used in the attack is known as Petya, though some are calling it NotPetya due to disagreements over its core code.
The perennial menace of cyberattacks is now continuing on a vast scale. Large global companies including WPP, Rosneft, Merck and AP Moller-Maersk have been hit by a large-scale cyber-attack. The impact of the cyber-attack is said to be so strong that it crippled the Ukrainian government and its banking infrastructure, ATMs and supermarket checkouts.
Petya/NotPetya has now hit Russia, Denmark, France, the United Kingdom, and the United States.
Files are locked, and in return the attackers demand that users pay $300 in bitcoin to get them back.
Ukraine's sunny afternoon clouded over in a matter of seconds as the cyberattack swept briskly across government, top energy companies, private and state banks, the main airport, and Kyiv's metro system.
A few international media houses had earlier reported that Russia is using its neighbour as a "lab rat". There are reports of the U.S. also being a victim of the attacks.
Reports also state that some 20 companies have paid the ransom, but the email address used by the attackers has been suspended, so paying victims have no way to receive a decryption key.
Several security companies, including Symantec and McAfee, have confirmed that Petya/NotPetya is using at least one of the same tools that made the WannaCry ransomware attack on May 12 so successful.
Outside Ukraine, British advertising agency WPP also said it had been hit by ransomware, while Danish shipping and oil group Maersk reported its IT systems had been taken down. In the United States, the pharmaceutical giant Merck said on Twitter that its network was compromised. A hospital in Pittsburgh was also hit with a cyber-attack, but it is not yet clear whether it was related to Petya/NotPetya.
How Can You Be Safe?
Kaspersky Labs has advised companies to update their Windows software, to check their security solution, and to ensure they have backups and ransomware detection in place.
- Check that all protection is activated as recommended, and that the KSN/System Watcher component is enabled.
- Use the AppLocker feature to disable the execution of any files that carry the name "perfc.dat", as well as the PSExec utility from the Sysinternals Suite.
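The two AppLocker rules above, written out as an added example that is not part of the article or of Kaspersky's advisory: a path-rule policy built, dry-run and merged in audit mode from PowerShell (the rule names, sample file paths and the audit-first workflow are assumptions).

```powershell
# Added example, not code from the article or from Kaspersky. Builds an AppLocker policy
# that denies any file named perfc.dat and the Sysinternals PsExec utility, tests it, then
# merges it into the local policy in AuditOnly mode.
# Assumptions: elevated PowerShell on Windows 10 / Server with the Application Identity
# service (AppIDSvc) running. Audit mode writes event 8003 ("would have been blocked") to
# the AppLocker EXE and DLL log; switch EnforcementMode to "Enabled" only after review.

$perfcId  = [guid]::NewGuid()
$psexecId = [guid]::NewGuid()
$progId   = [guid]::NewGuid()
$winId    = [guid]::NewGuid()
$adminId  = [guid]::NewGuid()

# A rule collection that contains any rule blocks everything not explicitly allowed, so the
# three standard default Allow rules sit beside the two Deny rules. Deny wins over Allow.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$perfcId" Name="Deny perfc.dat (Petya/NotPetya)" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="*\perfc.dat" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$psexecId" Name="Deny Sysinternals PsExec" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="*\PsExec*.exe" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$progId" Name="Default: Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$winId" Name="Default: Windows" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$adminId" Name="Default: Administrators" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'petya-applocker.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run against constructed sample paths (point these at files present on the test host):
# expect Denied for the first two and Allowed for notepad.exe.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path 'C:\Windows\perfc.dat', 'C:\Tools\PsExec64.exe', 'C:\Windows\notepad.exe' |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Caveats: perfc.dat is loaded as a DLL, so covering that load needs the Dll collection with
# its own default Allow rules; and a path rule is defeated by renaming, so a publisher rule
# (PsExec is Microsoft-signed) is the stronger choice once the audit log looks clean.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
```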
Matt Moynahan, CEO of Forcepoint, notes, "The latest ransomware attacks are demonstrating just how vulnerable critical infrastructure is by hitting railways, airports, hospitals and more. The lines between nation-state defense and commercial defense continue to blur. Forcepoint identified that the ransomware spread laterally within an organization via a vulnerability in the Microsoft SMBv1 protocol, very similar to what we saw with WannaCry. The Petya variant ultimately reboots the machine, presenting a faked 'check disk' screen, and showing the ransom message. The reboot and subsequent messages are typical of previously observed Petya behavior."
Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto, said, "Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. However, neither businesses nor individuals should pay ransoms to unlock any files that have been affected by a ransomware attack, as this incentivises and rewards these kinds of attacks. In order to prevent becoming a victim of a ransomware attack, data should be backed up and encrypted, and stored away from the network the rest of the data is stored on. This means that, in the event that a ransomware attack locks someone out of their files, they will have secure copies available. By doing this, the victim would be able to return to business-as-usual quickly and efficiently."