
Petya ransomware follows WannaCry’s footsteps; here’s what the experts have to say


With Digital India and cashless transactions seeing an immense push, India especially needs to gear up against such attacks, many analysts believe.


WannaCry had barely settled when the globe was hit by another severe ransomware attack, believed to be the Petya virus. While Ukraine was the most affected, parts of Europe and Asia, including India, also bore the brunt of the attacks. Like any ransomware program, the virus creeps into a user’s system, encrypts the entire hard drive and denies the user access to the computer. After the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot, leaving the machine unusable until the $300 ransom is paid. And like WannaCry, only Windows machines appear to be at risk from Petya.

How did Petya spread?

The Petya ransomware was noticed spreading earlier this week through a fake software update that was pushed out to businesses and other enterprises in Ukraine. The software concerned, called MEDoc, is a financial-monitoring application that all businesses in Ukraine must have installed. Though MEDoc itself cannot be blamed for the issue, someone apparently broke into its software-update servers to pull this off. The Russian antivirus firm Kaspersky Lab said it had found the Petya malware hidden on a Ukrainian website, possibly in an attempt to infect visitors to the site via drive-by downloads.

The damage done by Petya

So far, the Bitcoin address being used by the Petya ransomware has received 42 transactions worth 3.75228155 BTC, equivalent to $9490.80 (more than Rs 600,000), in less than 24 hours. However, the email ID being used to communicate with the criminals has been suspended by the service provider, rendering all efforts to obtain the decryption key futile. That is why victims are being advised not to make any payments to the criminals.

Petya vs WannaCry

“WannaCry’s attackers failed because they couldn’t handle the amount of victims they created. But this Petya campaign, which is basically still in its first round, comes across as more professional and ready to cash in,” says F-Secure Security Advisor Sean Sullivan. “Amateur hour is definitely over when it comes to launching global ransomware attacks.”

Interestingly, while many draw comparisons between WannaCry and Petya, Pradipto Chakrabarty, Regional Director of security firm CompTIA India, notes: “There is a slight but important difference. Usually, in case of ransomware attacks, the demand is made from users and the email for communication is unique to each user. In this case, it is observed that there is a single email ID that had been provided to all the affected users for communication. This email ID has since been suspended by the provider. This alludes to the fact that either the hackers were amateurs or, more dangerously, this attack is not a ransomware and was not unleashed with the intention of merely extracting money, but to destruct important data.”

The silver lining in this entire episode is that properly patched Windows systems that are not connected to enterprise networks, such as home computers, are at little risk of being infected by Petya. If you use a home computer to connect to a corporate VPN, however, you greatly increase the chances of your home network becoming infected.

Further, security firm Symantec shared research claiming that the Petya virus was spread using the EternalBlue exploit. EternalBlue is an exploit generally believed to have been developed by the US National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017.

India and ransomware attacks

With the virus creeping from Europe to Asia, the attack shows how ransomware is turning into a regular risk of doing business. According to the 2017 Symantec Internet Security Threat Report, ransomware attacks grew 36 percent in 2016, and the average ransom per victim grew 266 percent in the year. After WannaCry, banks and retailers strengthened their defenses; however, many others are still catching up in guarding against ransomware. According to Kaspersky Lab analysts, on the very first day of the virus’ discovery, about 2,000 users had been attacked as of midday in North America, with organizations in Russia and Ukraine the most affected.

Overall, India came 7th globally, with around 20 organizations hit, but it was the worst affected country in the Asia-Pacific region. Just yesterday, the attacks were also reported to have hit India. The Jawaharlal Nehru Port Trust in Mumbai, India’s biggest container port, had been unable to load or unload because of the attack, and the Gateway Terminal India was unable to identify which shipment belonged to whom.

Why India needs to be especially wary of such attacks

Nevertheless, most analysts continue to point out the danger India is facing at this point, with our country constantly being a target of such ransomware attacks, especially with the ongoing Digital India initiative. “During the last attack, the government activated the ‘preparedness and response mechanism’, which turns to India learning two important lessons from this situation: one, to be always prepared: companies need to constantly stay up to date for plausible threats that could come their way. And two, to have the armour to face such threats: the IT space needs to have enough skilled labour to counter such acts efficiently. These lessons should be implemented effectively and maintained as a hygiene for all companies henceforth,” says Vishwajeet Singh, CIO and Vice President, Aptech Ltd India.

Rakesh Kumar Singh, Datacenter Lead at Juniper Networks India, agrees: “Regular patching of the operating system is a must, not just on laptops/desktops but for all portable devices like mobiles/tablets. Also it is a wake-up alert for all SMBs who avoided moving away from out-of-support operating systems. The main learning is that critical data should not be residing on user desktops. Cloud-based solutions ensure that the relevant data is made available to the user on demand, but the storage of the data itself is always on the cloud, where it is easier to put security and anti-malware defenses.”

For that matter, Kaspersky Lab has urged a major beefing up of the online defences of consumers and banks against hackers, now that government and financial firms in India have been promoting cashless transactions for the last seven months. Demonetization led to an increased number of paperless transactions in the country, which also opened more opportunities for money-hungry attackers.

The results of the Kaspersky Cybersecurity Index for the second half of 2016 revealed that the top internet activity in India is online shopping, followed by emailing, watching movies, and using social media sites. About 96 percent of respondents admitted to using the internet to purchase goods online, and 84 percent of them used their devices for banking and for paying online through digital wallets. Kaspersky Lab’s data for 2016 also showed that users from India are among the most attacked by banking malware, along with those from Russia, Germany, Japan, Vietnam, and the United States.