May witnessed the WannaCry ransomware attack, which affected over 200,000 systems in 150 countries. Investigations are still ongoing, with suspicion falling on North Korea’s infamous Lazarus Group. As organizations recover from the WannaCry attack, a new variant of the Petya ransomware has emerged from Ukraine, and is said to have affected over 12,000 machines across the globe.
Similar to WannaCry, Petya exploits a security flaw in Microsoft Windows using EternalBlue, an exploit leaked from the NSA. The ransomware also spreads within organizations over the SMB network, and can enter systems that are patched against EternalBlue. According to Symantec, the initial source of the infection was MEDoc, a tax and accounting software package widely used in Ukraine. The report also shows which countries were affected the most, based on the number of organizations hit with the Petya ransomware.
India comes 7th in the global list, with around 20 organizations hit, and was the worst-affected country in the Asia-Pacific region. In India, Mumbai’s Jawaharlal Nehru Port Trust (JNPT) port is believed to be among those affected. The attack is said to have disrupted loading and unloading at the port.
Additionally, people posted on Twitter saying that their systems were down, and that the ransomware was rebooting the OS and encrypting files. While Symantec’s data is cause for alarm in India, the government has said that necessary measures are being taken to ensure that the country is safe from the ransomware attack. IANS quotes IT Minister Ravi Shankar Prasad as saying, “We have been taking proactive steps… we have sent out advisories (on the cyber attack and the malware)… India is not much affected at this stage.”
Just like WannaCry, the Petya ransomware also encrypts the entire hard drive, and asks users to pay a ransom of $300. The ransomware encrypts all the important files and denies access to the user, leaving them with paying the ransom as the only option. It is reported that the attackers have so far received 13 successful payments from the victims.