Now, Petya ransomware hits globe, second major ransomware in two months
In India, operations at the nation’s largest container port JNPT, Mumbai were impacted last night, as a fallout of the global ransomware attack, which crippled some central banks and many large corporations in Europe
Petya is the latest entrant in a lineup of potent ransomware attacks that deny access to computer systems, and it has affected the world after starting from Ukraine. In India, operations at the nation’s largest container port JNPT, Mumbai were impacted last night, as a fallout of the global ransomware attack, which crippled some central banks and many large corporations in Europe. Several organisations in Europe and the US have been crippled by a ransomware attack dubbed ‘Petya, also known as PetWrap. The malicious software has spread through large firms. It’s the second major global ransomware attack in the last two months. In early May, Britain’s National Health Service (NHS) was among the organisations infected by WannaCry. While, WannaCry attack was stopped by a 22-year-old British security researcher Marcus Hutchins, who reportedly created a ‘kill-switch’. But, security experts have said that Petya might not have a kill switch, which means that it might be harder to stop. Similar to WannaCry, Petya too spreads quickly via networks which use Microsoft Windows, but what is it, why exactly is Petya and how can it be stopped?
What exactly is a malware and what is a ransomware?
Malware is more of a generic term used to refer to a software that is harmful to a computer. Meanwhile, Ransomware is a type of malware that blocks access to a computer or its data and demands a ransom to release it.
How does a ransomware work and how does a computer get infected with it?
In a major number of cases, the malware infects PCs using links and attachments via messages, which are also called ‘phishing emails’. Once your computer gets infected, a ransomware encrypts crucial files and docs, after which it demands a ransom. One a user pays the ransom, they get a digital key using which they can unlock the files. So, essentially if a user has not saved a recent backup of his/her files, paying a ransom is the only choice left or they might face losing all of their files. The ransomware finds all of your files and encrypts them and then leaves you a message. If you want to decrypt them, you have to pay.
How does the Petya ransomware work?
The Petya ransomware takes over computers and demands $300, according to various security researchers. The malicious software spreads rapidly across an organisation once a computer is infected using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. Ukraine and Russia are the worst affected, though the attack has also impacted some companies in the US and other Western European countries. This message is flashed on a computer, “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
Who is behind the Petya ransomware attack and how much has it affected?
There is no clarity on who is actually responsible for the cyber attack. However, the impact of the ransomware has been serious. According to an AP report, government offices, energy companies, banks, cash machines, gas stations, and supermarkets, in Ukraine have been affected. Even the Ukrainian Railways, Ukrtelecom, and the Chernobyl power plant have been impacted by the attack.
Meanwhile, MNCs like law firm DLA Piper, shipping giant AP Moller-Maersk, drugmaker Merck as well as Mondelez International, which is the owner of food brands such as Oreo, Cadbury, was also impacted.
In the US, some hospitals have also been impacted by this cyber attack. Poland, Italy and Germany are other countries affected by the cyber attack. Meanwhile, in India, the Jawaharlal Nehru Port has been impacted given Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT.
How to avoid these attacks?
The age-old advice is to never click on a link in an email as the idea of the cyber criminals is to try and trick you into running a malicious piece of code. The software usually is hidden within links or attachments in emails. Once the user clicks on the link or opens the document, their computer is infected and the software takes over. Meanwhile, you should also look for malicious email messages that often masquerade as emails from companies or people you regularly interact with online. One must remember that there is no permanent solution to this problem. You should regularly back up your data and ensure that security updates are installed on your computer as soon as they are released.
After the WannaCry attack exploited vulnerabilities in several computers all over the world, Microsoft had released software patches for the security holes. It is important to instal those updates. The Petya malware reportedly has a backup spreading mechanism. This means, even if computers have installed the Microsoft patch, they can still be attacked if even one machine in a specific network has not been patched.