Hackers made less than R26 000 off Petya global cyber attack



Johannesburg – Hackers made less than R26 000 off the massive Petya malware attack which has affected computers globally – including thousands in South Africa – since Tuesday night.

Carey van Vlaanderen, CEO of ESET Southern Africa, told Fin24 that the financial gain from the Petya attack was significantly lower than that from the recent WannaCry virus.

“The impact of the Petya virus was not nearly as serious as WannaCry. However, it spread in similar situations to the recent attack,” she said.  

Although the hackers responsible for the Petya attack made around $2 000, Van Vlaanderen said that the virus incurred serious monetary costs for companies.


“The Petya attack spread very similarly to how the WannaCry virus did, with Windows machines around the world vulnerable to the virus,” said Van Vlaanderen.

The virus originated in Ukraine, the ‘patient zero’ country, which saw 75.24% of the spread, followed by Germany with 9.06% and Poland with 5.81%.

South Africa saw thousands of infections but featured far down the list, suffering only 0.03% of the total attack. 

ESET researchers have located the point from which this global epidemic started. 

Attackers have successfully compromised the accounting software M.E.Doc, popular across various industries in Ukraine, including financial institutions. 

Several of these organisations executed a trojanised update of M.E.Doc, which allowed attackers to launch the massive ransomware campaign that spread across the whole country and to the whole world.


Numerous reports are coming out on social media about a new ransomware attack in Ukraine which could be related to the Petya family, currently detected by ESET as Win32/Diskcoder.C Trojan. 

It appears to use a combination of the SMB exploit (EternalBlue) used by WannaCryptor to get inside the network and PsExec to spread within it.

ESET said this dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and most vulnerabilities have hopefully been patched. 

The WannaCry virus which surfaced in May was seen as the biggest attack of 2017, with between 400 000 and 1 million devices affected globally.