Friday, June 30, 2017

Petya virus – is it ransomware and which companies have been hit by the global cyber attack?



A CYBER attack dubbed “Petya” has hit computer servers around the world crippling companies in Britain, Europe and Chernobyl.

Here’s what you need to know behind the second major cyber attack – which is being likened to WannaCry – in two months.



GETTY IMAGES


3 Companies have been crippled by an attack dubbed ‘Petya’


What is the Petya?


Petya is a malicious software which targeted victims in the UK, Europe and the US with computer screens warning that their files and systems would be destroyed if they did not send the equivalent of about £300 in bitcoin.


Travis Farral, director of security strategy at tech firm Anomali, said: “This is a global attack. Just like WannaCry, organisations are locked out of their networks and a fee demanded to decrypt files.


“Bitcoin payments are currently already at $2,000+ already. But it’s essential that victims understand that payment may not actually allow them to access their data, and may just fund hackers to commit further crimes.”


The cyber-assault is particularly severe because it is understood that just 10 out of 61 antivirus programs are capable of tackling it.


The source of the attacks was not immediately clear.




3 A view of a computer that has been infected by the Petya ransomware

What is ransomware?


Ransomware is a virus which takes over a device (or computer) and freezes its files.


Hackers use it to hold the recipient to ransom, asking for money in return for access to their documents.


The ransomware can be spread by accidentally clicking a bad link.


It’s often shared in an email, or in some cases hackers could booby-trap a website they know employees will visit, like a government portal.


Security experts always advise against paying a ransom, as hackers will often destroy the files anyway.


Criminal gangs will send out thousands of these emails, called phishing scams, in the hope that just a few will click on the link.
Is the Petya virus a ransomware?


The virus that is sweeping the globe is believed to be a “wiper” designed to cause mayhem and is not actually ransomware.


Cyber experts say Petya is hell-bent on destroying files permanently.


Russian cybersecurity expert at Kaspersky Labs wrote in a blogpost: “After an analysis of the encryption routine of the malware used in the Petya attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made.


“This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain.


“Instead, it appears it was designed as a wiper pretending to be ransomware.


“What does it mean? Well, first of all, this is the worst case news for the victims – even if they pay the ransom they will not get their data back.


“Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”
Which companies have been hit by the Petya ransomware attack?




3 Where the attacks are known to have hit so far


British advertising giant WPP and the French industrial group Saint-Gobain all said they came under attack and put protection protocols in place to avoid data loss.


Ukraine was the worst hit, with government ministries, banks, utilities, telecom operators and major companies attacked.


Computers at the Chernobyl nuclear power plant have been infected, although there is not believed to be any risk of radioactive contamination.


Shipping giant A.P. Moller-Maersk, a firm which handles one out of seven containers shipped globally, said its systems were down across “multiple sites and business units due to a cyber attack”.


The crippling virus has forced the Danish company to halt operations at the fully automated Maasvlakte II terminal in Rotterdam.


Mondelez, the owners of Cadbury, were also hit in the devastating attack.


Russian oil giant Rosneft announced that its servers has been hit by a “powerful hacking attack” carried out “against the company’s servers”.


Russian web security firm Group-IB said the Petya ransomware was used in today’s massive attack on oil, telecommunications and financial companies in the former Soviet Union.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...