All you need to know about Petya Ransomware

Wannacry was seen as a major threat to the Indian subcontinent but it seems that was just the beginning. A new ransomware going by the name Petya has already had a major impact on the operations in India and there's no guessing when the attacks might stop completely. 

Cyber security experts claim India's critical infrastructure remains vulnerable to such attack even as the country's largest container port - Jawaharlal Nehru Port Trust (JNPT) - has been affected, prompting authorities to contain the disruption in emergency mode.

The said terminal was being operated by AP MollerMaersk, the shipping giant, which is among the worst affected globally.

What is Petya?

Petya relies on the same NSA-leaked EternalBlue exploit that was used by WannaCry, but that's only one of its strategies to burrow itself across computers.

Petya infects computers and locks down their hard drives. It demands a ransom of $300 (Rs 19,000) in Bitcoins. The email associated with the ransomware has been blocked, so even if victims pay, they won't get their files back.

Once it infects a computer, Petya waits for 10-60 minutes, and then reboots the computer. It then encrypts the master file table and then overwrites the master boot record with a custom loader. It places a ransom note to explain what users must do to regain control.

Why is Petya more dangerous than the Wannacry?

Unlike Wannacry, Petya does not encrypt individual files, but overwrites the master boot record and encrypts the master file table, thus rendering the system inoperable until the ransom has been paid. 
Microsoft issued a patch for affected Windows versions, but businesses take time to install updates. That's why Petya is targetting organisations rather than individual users. Petya needs a single fault in a network. So as long as one machine hasn't applied the patch, it can infect other computers on that network. That's where the malware takes an edge over ransomwares like Wannacry. 

If the ransomware manages to corrupt anyone of the systems, it can easily spread on the network even if all the other systems have applied the security patch provided by Microsoft.
What's the extent of the damage done?

Security firm Kaspersky said around 2,000 systems were impacted as of Tuesday, with organisations in Russia and Ukraine being hit the hardest. Systems in Britain, France, Germany, Italy, Poland and the US were also impacted. Some of the biggest corporations including Russia's largest oil company Rosneft, Ukraine's international airport and advertising giant WPP have come under attack.

What can you do to stay safe?

Ensure that you are using a fully-updated version of Windows. If you are on an older release due to a company policy, talk to your IT department to apply the MS17-010 patch issued by Microsoft. 

For those who are infected, cyber security experts have only one advice across the board: Don't pay the hackers. Gemalto, which specialises in digital security, says consumers should not be paying the ransomware attackers.

  • Blogger Comments
  • Facebook Comments
Item Reviewed: All you need to know about Petya Ransomware Rating: 5 Reviewed By: PRASHANT ENTERPRISES