Petya Ransomware Attack: Answers to Some Important Questions
by Nimisha Paul
All You Need to Know About New Petya Ransomware Attack
While the world is still recovering from the rampage of the WannaCry ransomware attack, another massive cyber attack is unfolding globally. The destructive cyber attack is considered to belong to Petya, a family of ransomware first noted in 2016. Computers and servers across the world have reported being affected by the latest Petya ransomware, which came into the limelight on 27th of June 2017. It’s estimated that Petya ransomware first attacked Ukrainian companies and government organizations before spreading to countries like Russia, Norway, Spain, and Britain. Following that, reports came in from India, the US, and Australia about the virus infection. Major businesses like Cadbury, Saint-Gobain, DLA Piper (law firm), A.P. Moller-Maersk, and JNPT (Jawaharlal Nehru Port Trust, run by A.P. Moller-Maersk) have reported being affected by the Petya ransomware attack. The rampaging run of this malware continues, forcing more and more businesses and government organizations to shut down.
What is ransomware?
Ransomware is malware that blocks access to (encrypts) all files on a computer and displays a message demanding a ransom to be paid to get the files decrypted. This kind of virus attack has been around since the late 80s but got major news exposure with the WannaCry ransomware attack in May 2017. You can learn more about ransomware and the WannaCry attack in detail from our previous blog post.
What do we know now about Petya Ransomware?
Currently, the information available about Petya ransomware is fairly limited. Most of the information being spread is speculation and hasn’t been validated. What we do know is that Petya ransomware shows incredible similarity to WannaCry at first look (although it is not so, as explained later in this article). The systems that are affected display a message demanding a ransom of $300.
Petya might be using some kind of method similar to WannaCry but has a two-level encryption, which makes it extremely difficult for cyber security experts to break the code. It’s believed that the code used by the new malware is ripped out of Petya. Possibly someone is making use of this code and has built a whole new ransomware on top of it to execute their own agenda. Ironically, there are also claims that the malware does not belong to the Petya family and is a totally new kind of threat. The truth in that is debatable, but we know for certain that the malware shows characteristics typical of the Petya family.
How is Petya Ransomware Different from WannaCry?
When the news about Petya ransomware came out, everyone was reminded of the devastation that WannaCry caused. This made most assume it was, and even refer to the latest cyber attack as, WannaCry v2. As of now, we have no evidence about the source of this attack. There is nothing evident to validate the link between the hackers behind WannaCry and the latest Petya ransomware attack. Besides, there are some vital differences between WannaCry and the Petya ransomware, especially in how they propagate. Typically, WannaCry can spread to any computer across the external network. Once a computer is infected by WannaCry ransomware, it can spread the infection to any computer. On the contrary, a computer infected by Petya ransomware can only spread the virus to other computers on the same internal network. So, it means that Petya ransomware can possibly propagate only via an internal network. If no computer on your network is infected, chances are slim to get infected externally.
Where Petya ransomware and WannaCry stand apart is the initial infection. WannaCry was deployed onto a few computers but had the power to spread across millions of systems. On the other hand, Petya ransomware initially infected millions of systems using some method but only has the capability to spread through an internal network.
The large number of systems affected initially caused real havoc, and many considered Petya ransomware to be more dangerous than WannaCry for this reason. But fortunately, the spread is not as alarming as anticipated in the beginning. With that being said, the attack is not under control yet and we can’t predict the possible scale of impact Petya ransomware is going to make.
Who is behind the Petya Ransomware Attack?
The answer to this question hasn’t been found. However, most believe that this attack may not be caused by a group with the intention of making money. It could possibly be a threat masquerading as ransomware to cause destruction globally or to any organization or government in particular. The main reason to believe so is the awkward nature of the warning message displayed by the Petya ransomware. Usually, ransomware creates a different Bitcoin payment address for each user. But the latest ransomware displays the same payment address to all users. Similarly, a single e-mail address was provided for communication (this email address was suspended after the ransomware discovery). All this points to the fact that the people behind Petya ransomware have some intention other than money.
How to protect yourself and what to do in case of an infection?
1. Backup your files: Make use of cloud storage facilities to create a backup of your important files.
2. Avoid opening suspicious e-mails: You might have heard this a thousand times, but most cyber threats infect a system through e-mail. So keep an eye on your inbox.
3. Install anti-ransomware software and keep it updated.
In case your system is infected by Petya ransomware, do not pay the ransom amount, as there is no guarantee of getting back your files. Besides, the email ID provided by the attackers has been taken down and there is no possible way of communication between you and the hackers. So it’s literally meaningless to pay the ransom.
One after the other, cyber attacks are casting a shadow on the world of the internet. Before the world completely recovered from the devastation caused by WannaCry, the latest Petya ransomware attack has raised serious questions on internet security. The more we compromise on cybersecurity, the more attackers will take advantage. There needs to be an effective and efficient system to prevent these types of attacks. Nations need to collectively come forward with a plan to drive out this ‘evil tendency of the modern era’. It’s good to see Israel and the USA announce a cybersecurity pact. More initiatives such as these are essential to prevent such cyber catastrophes in the future. Similarly, each individual should value the files on their computer as they value their other belongings. No one has the right to access your files or prevent your access without permission. Everyone should guard themselves and do everything possible to increase the security of their data.
March 17, 2017