Petya Virus – A New Threat Emerging?
Barely have we recovered from the effects of WannaCry when a new cyberattack, which has spread from Europe to the United States, has reached Asian shores.
According to reports, the Petya virus has wreaked havoc in Europe and in Asia, and is said to demand that users pay US$300 (S$416) in cryptocurrency per infected computer to unlock their systems.
Kaspersky Lab analysts said users in North America have been hit, with organisations in Russia and Ukraine the most affected.
A terminal operated by A.P. Moller-Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai which is India’s biggest container port, was unable to load or unload because of the attack.
India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, also said the ransomware attack had impacted some of their systems in the country.
Travis Farral, director of security strategy at tech firm Anomali, said: “This is a global attack. Just like WannaCry, organisations are locked out of their networks and a fee demanded to decrypt files.”
The cyber-assault is said to be particularly severe because it is understood that just 10 out of 61 antivirus programmes are capable of tackling it.
Matt Suiche, founder of the cybersecurity firm Comae, wrote in a blog post that after analysing the virus, his team determined that it was a “wiper,” not ransomware.
“We can see the current version of Petya clearly got rewritten to be a wiper and not an actual ransomware,” said Suiche.
The virus going around is a modified take on an earlier version of the Petya virus that was true ransomware.
But Comae saw that code had been specifically modified to change it from a virus that encrypts a disk and demands a ransom into a virus that simply destroys the disk.
A Cadbury chocolate factory became the first Australian business to be hit by the global attack, a trade union official said.
Production at the Cadbury factory on the island state of Tasmania ground to a halt after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.
Factory workers “weren’t sure what it was but, as the night’s gone on, they’ve realised there’s been some significant attacks around the world”, said Short.
There are signs the virus is starting to spread in China but no large-scale outbreak has been detected, according to Zheng Wenbin, chief security engineer at Qihoo 360 Technology Co.
In the UK, the advertising firm WPP said its systems had also been struck down, while in the Netherlands a major shipping firm confirmed its computer terminals were malfunctioning.
The spread of the attack across the globe and into Asia and Australia underscores how ransomware is becoming a routine risk of doing business.
While banks and retailers have strengthened their defences against certain types of attacks, such as those aimed at stealing credit card data, many other enterprises are still catching up in guarding against ransomware.
About 2,000 users had been attacked as of midday Tuesday in North America, according to Kaspersky Lab analysts, with organisations in Russia and the Ukraine the most affected.
The strikes follow the global ransomware assault involving the WannaCry virus that affected hundreds of thousands of computers in more than 150 countries as extortionists demanded US$300 in bitcoin from victims.
Ransomware attacks have been soaring and the number of such incidents increased by 50 per cent in 2016, according to Verizon Communications Inc.
Security experts said the programme could have spread in a similar way to the WannaCry attack that hit hundreds of thousands of computers including the NHS earlier this year.
Like WannaCry, Petya could have used EternalBlue, a tool created by the National Security Agency and leaked online by the Shadow Brokers that exploits a problem in Microsoft’s software.
Victims are advised never to pay the ransom, as it encourages the attackers. Even if victims do pay, there is no guarantee that all files will be returned to them intact.
Instead, the best thing to do is restore all files from a backup. If this isn’t possible, there are some tools that can decrypt and recover some information. If you require any IT Services to protect your data, please contact us at IT Solution.