What’s Happening?
On Tuesday, 27th of June 2017, a new Ransomware attack broke out disrupting numerous large enterprises and small and medium businesses all around the world. Initial behavior of the malware made the experts on network security believe it to be Petya which was run a criminal organization for monetary benefits. Petya has made repeated attacks in the past gaining several versions named to it including Petya.A, Petya.D, and PetrWrap.
Most of us would still remember the previous malware attack on windows systems – WannaCry. Similar to WannaCry, this malware Petya or NotPetya attacks windows networks holding them hostage for a demand of $300 worth in Bitcoin. Network security experts believe that this attack is different from regular petya attacks in many ways. Most importantly though, NotPetya’s intentions seems to be just to bring chaos and disrupt many networks and not in making money like regular Petya attacks.
Who’s Affected?
This indifference towards money might just be a careless effort as they have chosen posteo.net for their e-mail service. When Posteo came to know about the crisis, they immediately blocked all access to the users of the particular e-mail address. While this has stopped the hackers from receiving their ransom, this has also worked against those who had paid the ransom, as there is no way now to get their de-encryption code.
The attack is quite widespread but initially it started in Ukraine attacking a government based organization and quickly spread like wildfire to many windows networks around the world. While the attacks are concentrated at Ukraine and Russia, several big names in the United States have also been affected. Some of the biggest enterprises to be affected include AP Moller-Maersk, Merck a pharmaceutical giant, and Mondelez Internation. Cadbury is one of the most popular companies internationally to get attacked. This is also expected to bring great disruption in logistics and transport around the world. India’s largest container terminal at Mumbai, Jawaharlal Nehru Port was also affected sending major waves for fear throughout SE Asia.
The ransomware is rated to among the most comprehensive ever to have hit digital networks. It is completely comprehensive and there are few options left to decode or break the encryption. This has made network security experts to believe there is very less chance for getting back the encrypted files. According to kaspersky, the ransomware uses a solid, standard, encryption scheme leaving little or no room to access data.
This attack in particular targets the patches which Windows had released this year leading to the latest updated systems and networks. The creators of the ransomware are yet to be identified. The first companies and organizations which came under the attack are Ukranian Government offices including their banks, Energy companies, gas stations, cash machines, and retail supermarket chains. The attackers have also targeted the remote sensing equipments of scientists studying radiation impact at Chernobyl.
What can be done?
While there are very slim chances for recovery of data, you can however prevent such attacks from affecting your networks. One way to escape as suggested by many is to turn off your computer when it is loading with the malware. The malware suggests you to not turn off power to your computer saying it would destroy your files, trusted ethical hackers have suggested to power off the computer to prevent the encryption process. So far, it has worked.
Another challenge for programmers working against Petya is that there is no way to stop the Malware from spreading. It is advisable to follow strict network security best practices, and also back up their vulnerable data. It is good for Windows users to keep your PC updated to prevent such attacks. Another tip is to not open any attachments and spam mails.
For you further guidance, you can also contact our IT experts at XCEL Corp. Working with numerous organizations all around the world has helped us to create top notch best practices to ensure that your network security is never compromised.
