Everything You Need To Know About Petya Ransomware Attack

Only a month ago, the whole world was held at ‘virtual gunpoint’ by one of the scariest global cyber-attacks, driven by ransomware called WannaCry. Thanks to timely intervention and quick action across the globe, the impact of the attack was limited to certain regions of the world such as Russia and China, while countries like India were left safe.

However, today we are witnessing another massive global ransomware attack, called Petya, and it seems more dangerous than WannaCry. Here is everything you need to know to keep your data safe.

What is ransomware?

Ransomware is a type of malware that carries out a cryptoviral extortion attack: it blocks access to data until a ransom is paid and displays a message requesting payment to unlock it. Most ransomware encrypts the victim’s files or even the full drive, making them inaccessible, and demands a ransom payment to decrypt them. The victims are often instructed to make the ransom payment through the cryptocurrency Bitcoin.

How does Petya ransomware work?

Similar to WannaCry, Petya infects the computer and encrypts all the data, demanding a $300 ransom, paid in Bitcoin. According to security research firm Kaspersky, Petya could be a variant of Petya.A, Petya.D, or PetrWrap. However, the firm doesn’t think this is a variation of the WannaCry cyberattack. Like WannaCry, Petya exploits the EternalBlue vulnerability in Microsoft Windows.

Even though Microsoft released a patch after the WannaCry attack, it seems not everyone has installed it. On the other hand, Petya has a better mechanism for spreading itself than WannaCry: the malware tries one option and, if it doesn’t work, it tries the next one.

How bad is the attack?

According to the initial findings by Kaspersky, over 60 percent of attacks took place in Ukraine, and Russia is second on the list with 30 percent. It has been confirmed that the ransomware originated from Ukraine. According to Ukrainian Cyber Police, the attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, reports The Guardian. As a result, many Ukrainian organizations were affected, including the government, banks, state power utilities, Kiev’s airport and metro system, and even the radiation monitoring system at Chernobyl.

On a global scale, multinational companies like law firm DLA Piper, shipping giant AP Moller-Maersk, drugmaker Merck, and Mondelez International, the owner of food brands such as Oreo and Cadbury, were also impacted. In India, the Jawaharlal Nehru Port has been impacted, given that Moller-Maersk operates the Gateway Terminals India (GTI) at JNPT. This has a capacity for over 1.8 million standard container units, reports Times of India.

How can you protect yourself?

First of all, do not pay the ransom. As of now, the email service Posteo has shut down the email account that has been used by the attackers. So even if you paid the money, there is no way to contact them and get your data back. As a precaution, you should create regular backups and install all security updates for Windows. If you find yourself a victim of this attack, then the best thing is to reformat your PC and reinstall Windows.
