The “Petya” ransomware has caused serious disruption at large firms including the advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. In the May attack, fixing that bug protected the computer from ever becoming affected by the attack. “If you do not power on, files are fine.”
Kaspersky has reported that the hackers have no way of decrypting the data.
While there has been no attribution as to who originated the attack, security researchers have pinpointed what they believe to be the first target of Petya: M.E.Doc, a Ukrainian company that develops tax accounting software. Microsoft said in a blog post that the initial infection “appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc” and that it has evidence that some active infections started from the software maker’s updates.
John Miller, senior manager (analysis), FireEye, explains that Petya does not encrypt individual files, but overwrites the master boot record and encrypts the master file table, thus rendering the system inoperable until the ransom has been paid.
The cyberattacks recalled the WannaCry ransomware outbreak last month, which hit more than 150 countries and claimed a total of more than 200,000 victims.
However, they had not been able to find a so-called “kill switch” that would prevent the crippling ransomware from spreading to other vulnerable computers.
Johnson: In May the issue seemed to be related to Microsoft software and security that it patched – a lot of people hadn’t updated their systems.
So far the attack has earned its creators $6,000 in Bitcoin payments from affected users. Just like WannaCry, Petya demands the ransom in Bitcoin, but the attackers' Bitcoin account is now inactive.
Since the WannaCry attack, governments and a number of corporations have begun implementing stronger cybersecurity protocols.
Petya ransomware, aka GoldenEye, has struck more than 65 nations, according to National Public Radio.
Wisniewski: This attack uses that same flaw that the May attack used.
How much bigger this attack will get.
According to research by Talos Intelligence, the attackers are using a variant of the Petya family of ransomware that uses EternalBlue, the exploit seen in WannaCry.
Ransomware is one of the most popular forms of online attack today.
Ben Johnson: How does this attack appear to be different than May’s attack? The harmful virus will encrypt the data on infected computers and extort a ransom from the owner.