Published: Wed, June 28, 2017
Hi-Tech | By Ellis Neal

Petya ransomware attacks: Govt rushes cyber security advisor to Mumbai

The latest ransomware attack, named "Petya", that hit countries' computer systems on Tuesday night shows that large-scale global cyberattacks are set to be an increasing feature of the digital world.

"Detected by ESET as Win32/Diskcoder.C Trojan, this ransomware is likely to be related to the Petya family and could encrypt the whole drive itself of infected users".

However, global cybersecurity firm Kaspersky Lab said they thought it was not a variant of Petya ransomware "but a new ransomware that has not been seen before".

Cisco's Talos cyber security division reported that its research shows that this strain of computer virus "uses the same Eternal Blue exploit - a vulnerability used by the US National Security Agency (NSA) - and other weaknesses of Microsoft's operating system to spread", Efe news reported.

The central government had said that the ongoing cyber attack had no serious impact on the country.

"IT systems in several WPP companies have been affected", the company said in an emailed statement.

Ukraine's central bank, Kiev's main airport, the Chernobyl nuclear disaster site, and a string of multinational companies, including US pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and French industrial group Saint-Gobain, were among the victims. Unlike WannaCry, Petya doesn't create custom Bitcoin payment addresses for individual victims, and it also tells victims to communicate with the perpetrators via email, which is traceable, rather than through the anonymous Tor network.

Still, the attack could be more risky than traditional strains of ransomware because it makes computers unresponsive and unable to reboot, Juniper Networks said in a blog post analysing the attack.

The Jawaharlal Nehru Port (JNPT) near Mumbai in Maharashtra is believed to be one of the first places in India to report a Petya infection.

With anything running an Intel processor on the same network as an older Windows machine being fair game, Petya has already managed to wreak havoc on a scale comparable to WannaCry despite the former serving as a wake-up call of sorts. Russian security software firm Kaspersky said about 2,000 computers were affected - far fewer than the cyberattack last month that targeted 300,000.

GSTN - the IT backbone on which India's biggest tax reform is set to roll out from July 1 - has said its operations have not been affected and registrations are going on smoothly. The documents, once opened, will download and run the Petya installer and execute the worm to spread to other connected computers.

SingCert described Petya as "more unsafe and intrusive" than WannaCry; Petya encrypts the entire hard drive rather than each file individually.

"So far this morning there have been no known successful attacks on the WA Government, but it is still early".

"The long-lasting impact of a cyberattack cannot be overstated", he said.

Regular consumers who have up-to-date Windows computers are safe from this attack, experts say. The email account used to manage ransom demands, in this case, has been blocked. Unlike WannaCry, this technique would work because the attackers are asking the victims to send their wallet numbers by e-mail to "wowsmith123456@posteo.net", thus confirming the transactions.