New ransomware attack: Govt departments alerted


Against the backdrop of a fresh ransomware attack spreading across the globe, the Kerala State IT Mission and Cyberdom Kerala Police have issued an alert to government departments, with recommendations for preventive action to protect computer networks.

The ransomware, named Petya, is malicious software that shuts down a computer system and then demands a ransom to fix the problem. Like WannaCry, its predecessor that infected lakhs of computers across the world this May, Petya also targets machines running the Microsoft Windows operating system.

The alert points out that the Petya vector has struck large multinational companies across Europe and affected Ukraine’s government, banks, state power utility and Kiev’s airport and metro system. Unlike other ransomware, Petya does not encrypt files on a targeted system one by one. Instead, it replaces the computer’s master boot record (MBR) with its own malicious code that displays the ransom note and leaves computers unable to boot.

To prevent infection by the Petya virus, the KSITM has advised users and organisations to apply patches to Windows systems, maintain updated antivirus software on all systems and back up all critical information to minimise the impact of data loss and expedite the recovery process.

Users have been advised not to open attachments in unsolicited emails and never to click on URLs in them. The KSITM has recommended the deployment of Web and email filters on the network and the disabling of macros in MS Office products. The alert has called for securing Web browsers with appropriate content controls and restricting users’ abilities to install and run unwanted software applications.

The instructions also warn against paying the ransom as it does not guarantee the release of the files.

Users are directed to the site for instructions on preventive measures and asked to report to CERT-In or law enforcement agencies in case of a cyberattack.