The ransomware attack has hit parts of US, India, and Europe, among other places. Ukarine has been severely affected.
WannaCry has barely settled, and a new ransomware attack, called Petya, has hit the globe. While the epicentre of the attacks is Ukraine, the effect is also being felt by users in US, India, Europe, and other parts of the world. Like a standard ransomware program, the virus creeps in your system and encrypts the entire hard drive and denies the user access to the computer. After the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue ???? pic.twitter.com/RsDnwZD5Oj
— Ukraine / Україна (@Ukraine) June 27, 2017
Uptil now, over 13 people have already made payments to the hackers, and according to a tweet shared by David Patia, who is a Security Consultant at PwC a Bitcoin wallet shows 8 transactions made to the attackers, some six hours ago. The count is likely to have increased.
There are alredy 8 payments done to the #Petya #Ransomware bitcoin wallet. ???????? pic.twitter.com/B7r53KyagO
— David Tapia (@tapia_bekeit) June 27, 2017
This is the #bitcoin wallet chart for the #Petya #ransomware. pic.twitter.com/jbHWrwkzoj
— Marc Ruef (@mruef) June 28, 2017
The #Bitcoin wallet for the #Petya #ransomware has reached USD 9.015 so far.
— Marc Ruef (@mruef) June 28, 2017
A lot of users on social media, many of which are from India as well, have reported a hack since last evening.
All computers in our office are down. Global #Ransomware attack. I’ve heard few other companies affected too. Backup and stay safe, guys. pic.twitter.com/YNctmvdW2I
— Mihir (@mihirmodi) June 27, 2017
New #ransomware spreading through SMB… Its #rebooting OS and encrypting files. Any idea which one it is? pic.twitter.com/DaEyqIKBvH
— Ankit singh (@ankit5934) June 27, 2017
There’s naturally a panic, that the virus has created.
You may want to call your IT helpdesk if you see this today. #Petya #Ransomware pic.twitter.com/Ao1waU2Qe4
— Erka Koivunen (@ekoivune) June 27, 2017
#Petya #ransomware appears to spread locally via Windows APIs from DHCPSAPIS.dll #LAN pic.twitter.com/4c4zDRnlzp
— Vitali Kremez (@VK_Intel) June 27, 2017
#Petya #Ransomware – Infection vector = #phishing. Using weaponized MS Office documents to download an .exe.
— Chris Novak (@ChrisJNovak) June 27, 2017
Symantec also shared its research, which confirms that the Petya virus is being spread using the EternalBlue exploit. EternalBlue, is an exploit generally believed to have been developed by the US National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack on May 12, 2017. ALSO READ: After WannaCry, another ransomware program is spreading globally
Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread
— Security Response (@threatintel) June 27, 2017
However, despite the panic, many Twitter users are actually offering support by breaking the attacks into more comprehensible ways for others.
Targeted files for encryption by #Petya #ransomware campaign – pic.twitter.com/LjRix1kA8t
— Raj Samani (@Raj_Samani) June 27, 2017
Like WannaCry, #Petya #ransomware exploits the same patch vulnerability to spread in a network. Here are the mechanics behind the threat. pic.twitter.com/7Fu9Q01WKx
— RSA (@RSAsecurity) June 27, 2017
People are offering solutions as kill switch for the virus. Although, it’s still not sure how effective these are.
Want to prevent infection from the #Petya #Ransomware? Create a file called C:Windowsperfc to act as a kill switch and prevent infection.
— CYDEFE (@cydefe) June 28, 2017
#Petya #Ransomware KILLSWITCH:Malware checks for the name of the dll inside c:windows-If exists it won’t run. Whats the original dll name? pic.twitter.com/WUXC3Itdyi
— Amit Serper (@0xAmit) June 27, 2017
Sharing again in light of the #Petya #ransomware. Turn off SMB. Patch your systems. Don’t be a victim. #infosec #cybersecurity #Windows pic.twitter.com/cqxVErkTIA
— Matt Guenther (@guentherishere) June 27, 2017
How to protect yourself from #ransomware home & work❗️
RT to place across many timelines ????????
DONT FORGET to #tell2 people in the real ???? pic.twitter.com/NinOorg5yg
— Durham Fraud Team (@DurhamFraud) June 27, 2017
The attacks has recently been reported to have hit India as well. The Jawaharlal Nehru Port Trust, in Mumbai, which is also India’s biggest container port, has been unable to load or unload because of the attack. Because of the attacks, the Gateway Terminal India, was unable to identify which shipment belonged to whom. RELATED: Global ransomware attack reaches India; Jawaharlal Nehru Port Trust in Mumbai affected
http://www.bgr.in/news/petya-ransomware-spreads-globally-social-media-is-gracefully-dealing-with-the-panic/
