Petya cyber attack: Know more about the ransomware outbreak

in news •  7 years ago  (edited)

ransomware-illustration_bun.png

A major cyber attack hit companies in Europe, the Middle East and the US on Tuesday, wreaking havoc for employees and customers alike.

The attack caused computers to stop working, instead displaying a ransom note demanding $300 in bitcoin. The widespread attack affected global and national organisations including the Ukranian National Bank, British advertising firm WPP and logistics company Maersk.

3141.jpg

Shipping company Maersk’s IT system was impacted by the cyber-attack.
Photo : Mauritz Antin/EPA

What is ransomware?

Ransomware is a type of cyber attack that locks all digital files and demands payment in order for them to be returned. Computers that are infected with a ransomware virus become unusable save for displaying a ransom note.

It is difficult to recover files from a computer that has been infected with ransomware and victims are often advised not to pay the fee. If they do decide to they are advised that their information may not be returned fully and that it has been compromised.

What is Petya ransomware?

A variant of the Petya ransomware, which has been around for more than a year, was blamed for Tuesday's global attack. Petya is a vicious form of the virus that locks a computer's hard drive as well as individual files stored on it. It is harder to recover information from computers affected by this ransomware, which can also be used to steal sensitive information.

Cyber security experts Kaspersky Lab released a conflicting report that said the ransomware was not related to Petya but was in fact a new program it called NotPetya.

How does it work?

When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.

How does it differ from WannaCry?

Security experts said the program could have spread in a similar way to the WannaCry attack that hit hundreds of thousands of computers including the NHS earlier this year. Like WannaCry, Petya could have used Eternal Blue, a tool created by the National Security Agency and leaked online by the Shadow Brokers that exploits a problem in Microsoft's software.

Where did it start?

The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. A second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.

How widespread is the problem?

The attack hit around 2,000 computers in around a dozen countries including the UK, US, France and Germany. State-run and public organisations were affected, with the global advertising giant WPP and the Ukrainian National Bank both reporting problems.

The most affected country was Ukraine where the Chernobyl nuclear power plant systems were reportedly switched to manual as a precautionary measure.

Should I be worried?


claim656061702img001-crop-600x338.jpg

Computers running the most recent update of Microsoft's software should be safe from the attack. Users are advised to check they have installed the latest version of Windows and refrain from clicking on malicious links.

What to do if you're a victim - should you pay the ransom?

Victims are advised to never pay the ransom as it encourages the attackers. Even if victims do pay there is also no guarantee that all files will be returned to them in tact.

Instead, the best thing to do is restore all files from a back up. If this isn't possible, there are some tools that can decrypt and recover some information.

Source Link
By Cara McGoogan

Thank you!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://www.telegraph.co.uk/technology/2017/06/27/petya-cyber-attack-everything-know-global-ransomware-outbreak/