Is Petya Virus the New Internet Apocalypse? Find Out More in this Article
After recovering from the effects of WannaCry, a new cyber attack has spread once again. This time, the attacks spanned from Europe to the United States to Asian shores.
According to reports, the Petya virus demands users pay US$300 (S$416) in cryptocurrency per infected computer to unlock their systems.
Kaspersky Lab analysts said the majority of affected users are from North America, Russia, and Ukraine.
A.P. Moller-Maersk has operated a terminal A.P. Moller-Maersk at the Jawaharlal Nehru Port Trust, a facility near Mumbai which is India’s biggest container port. Unfortunately, the attempt was unsuccessful due to the failure of loading or unloading.
India-based employees at Beiersdorf, makers of Nivea skin care products, and Reckitt Benckiser, which owns Enfamil and Lysol, also said the ransomware attack had impacted some of their systems in the country.
Travis Farral, director of security strategy at tech firm Anomali, said: “This is a global attack. Just like WannaCry, organisations are locked out of their networks and a fee demanded to decrypt files.”
Wake Up Call for the Antivirus Programs
The cyber-assault can be potentially severe. This is because as of now, just 10 out of 61 antivirus programmes are capable of tackling it.
Matt Suiche, the founder of the cybersecurity firm Comae, wrote in a blog post that after analysing the virus, his team determined that it was a “wiper,” not ransomware.
“We can see the current version of Petya clearly got rewritten to be a wiper and not actual ransomware,” said Suiche.
The virus going around is a modified take on an earlier version of the Petya virus that was true ransomware.
But Comae saw that there are modifications in the code already. It has changed from a virus that encrypts a disk and demands a ransom into a virus that simply destroys the disk.
A Cadbury chocolate factory became the first Australian business to be the victim of the global attack, a trade union official said.
Production at the Cadbury factory on the island state of Tasmania grounds to a halt after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.
Factory workers “weren’t sure what it was but, as the night’s gone on, they’ve realised there have been some significant attacks around the world”, said Short.
According to Zheng Wenbin, the chief security engineer at Qihoo 360 Technology Co., there are signs the virus is starting to spread in China. However, he was not able to detect any large-scale outbreak.
In the UK, the advertising firm WPP said its systems had also been struck down. Meanwhile, in the Netherlands, a major shipping firm confirmed its computer terminals were malfunctioning.
The Spread of the Virus
The spread of the attack has spanned across the globe and into Asia and Australia. This underscores how ransomware is becoming a routine risk of doing business.
Banks and retailers have strengthened their defences against certain types of attacks, such as those aimed at stealing credit card data. Still, many other enterprises are still catching up in guarding against ransomware.
About 2,000 victims have been under tally as of midday Tuesday in North America, according to Kaspersky Lab analysts. Moreover, organisations in Russia and Ukraine have the most victims.
The strikes follow the global ransomware assault involving the infamous WannaCry virus incident. This happened just recently, affecting hundreds of thousands of computers in more than 150 countries as extortionists demanded US$300 in bitcoin from victims.
How to Prevent the Virus?
Ransomware attacks have been soaring. According to Verizon Communications Inc., the number of such incidents increased by 50% in 2016.
Security experts said the programme could have spread in a similar way to the WannaCry attack. Such incident hit hundreds of thousands of computers including the NHS earlier this year.
Like WannaCry, Petya could have used Eternal Blue. It’s a tool from the National Security Agency which leaked online by the Shadow Brokers. The leakage was due to the exploits of a problem in Microsoft’s software.
In any case, victims must never pay the ransom as it encourages the attackers. Even if victims do pay there is also no guarantee that all files will be intact and complete.
Instead, the best thing to do is to restore all files from a backup. If this isn’t possible, there are some tools that can decrypt and recover some information. If you require any IT Services to protect your data, please contact us, at IT Solution.