With the Petya global ransomware spreading to India, the government on Wednesday said it is “closely” monitoring the situation while maintaining that there has been no large-scale impact on India yet.
The government has, however, sent Dr. Gulshan Rai, National Cyber Security Coordinator, to the Jawaharlal Nehru Port Trust (JNPT), where one of three terminals was impacted, to “deal with the situation”.
Operations at the Mumbai terminal of the country’s largest container port, the JNPT, which is operated by Danish business conglomerate AP Moller-Maersk, were disrupted due to the ransomware attack.
“The situation is being closely monitored…Since the congestion could create difficulties in traffic management, the JNPT has opened up its parking lots for cargo destined to this private terminal,” an official statement said.
The Gujarat Pipavav Port was also partially impacted. “A.P. Moller-Maersk was hit as a part of a global cyber attack affecting multiple sites and business units, including the Gujarat Pipavav Port Limited,” the company said in a filing to the BSE.
The Petya ransomware not only encrypts files, it locks the entire disk, making it basically unusable until the infection is removed. It shuts down the system and asks for a ransom of $300 in bitcoins on rebooting.
“We have sent out warnings to the stock exchanges, the Airports Authority of India, the National Payments Corporation of India, and National Critical Information Infrastructure Protection Centre,” an IT Ministry official said.
He added that the Ministry was in touch with security providers, including Kaspersky, Microsoft, McAfee and QuickHeal, as well as with Computer Emergency Response Teams in the Asia Pacific region, including those from Hong Kong, China and Japan. “Till Wednesday morning, no attacks were reported in these countries,” the official said.
More professional
The Petya/NotPetya ransomware is the second major global ransomware outbreak since WannaCry hit over 300,000 computers across 200 countries in May. Like WannaCry, Petya uses the EternalBlue exploit as one of the means to propagate itself. However, experts have warned of bigger damage this time.
“…WannaCry’s damage was quickly minimised due to sloppy coding…Petya appears to be a much more professional attempt to employ similar methods,” Finland-based cyber security firm F-Secure said in a blog post.
Measures (CERT-In)
· Make sure Microsoft Windows and all third-party software are updated.
· It’s crucial to apply the MS17-010 bulletin immediately.
· Don't open attachments in unsolicited e-mails, even if they come from people in your contact list.
· Never click on a URL contained in an unsolicited e-mail, even if the link seems benign.
· Maintain updated antivirus software on all systems.
· Ensure web browsers are adequately secured with appropriate content controls.
· Individuals or organizations are not encouraged to pay the ransom, as this does not guarantee files will be released. Report such instances of fraud to CERT-In and Law Enforcement agencies.