FAQ Comment

Held to ransomware

Another attack adds to global cybersecurity woes

What is NotPetya/Petya?

It is the latest cyberattack to have hit organisations worldwide on Tuesday. While Ukraine and Russia are believed to be the worst hit by the attacks, companies across U.S., U.K. and India have been impacted. Most security organisations believe this to be a variant of Petya ransomware that has been in existence since 2016. But preliminary findings by Russian cybersecurity firm Kaspersky suggest that this is ransomware not seen before.

Where did the attack originate?

While the origin is still unclear, it is believed to have started from an update to a third-party Ukrainian software product called MeDoc, which is used by many government organisations in the country.

Kaspersky says over 60% of attacks took place in Ukraine, and Russia is second on the list with 30%.

What is a ransomware attack?

It is malicious software that blocks access to computers and data until a sum of money is paid. NotPetya is the second major global ransomware since WannaCry, which had infected about 3,00,000 computers across 200 countries in May. Similar to WannaCry, one of the means by which Petya spread was by exploiting the MS12-010 vulnerability, also known as EternalBlue. Microsoft had issued a security patch to fix it in March.

The Petya ransomware not only encrypts files, but also overwrites and encrypts the master boot record. It shuts down the system about an hour after the infection and asks for a ransom on rebooting. Users will not be able to access the system till the infection is removed. The PC might be protected from the malware if the user is able to disrupt the system reboot.

While the damage done by WannaCry was contained in a couple of days due to “sloppy coding”, Finland-based cybersecurity firm F-Secure believes that the latest ransomware is a much more “professional attempt” by cyber-criminals.

What can be done to contain NotPetya/Petya?

Cyber-criminals behind the attack are demanding $300 in bitcoins be paid to recover encrypted files. The message flashed across the screen reads: “If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

As of Wednesday afternoon, more than $9,262 from 40 payments had been collected in the Bitcoin wallet tied to the Petya ransomware attack, according to the @petya_payments Twitter account, which is tracking these payments. However, the Indian government’s cybersecurity arm CERT-In (Indian Computer Emergency Response Team) in its advisory has urged against paying the ransom, as it does not guarantee that files will be released.



Printable version | Feb 17, 2020 2:39:41 PM | https://www.thehindu.com/opinion/op-ed/held-to-ransomware/article19165960.ece
