Wednesday, June 28, 2017

[INFO] Ransomware Attack Part 2 : New Attack hits computers across Globe

And this time, the culprit is a different one.

Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack known as Petya or Petrwrap. British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power company and Kiev's main airport, were among the first to report issues. The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.

It remains unclear who is behind the attack, but Moscow-based security firm Group-IB told Reuters it appears to be a coordinated effort simultaneously targeting victims in Russia and Ukraine. The exact extent of the attack is yet to be determined, but some speculate it could be bigger than WannaCry.

The ransomware was updated earlier in 2017 by the criminals after certain aspects of it were defeated. The original version was called Petya and the updated version Petrwrap.

There are also reports of an emergency landing of an airplane after the plane's computers were hit by this ransomware.

Others reporting problems include the Ukrainian central bank, the aircraft manufacturer Antonov, and two postal services. Russian oil producer Rosneft and Danish shipping company Maersk also say they face disruption, including at Maersk's offices in the UK and Ireland.

Spanish media report that the offices of large multinationals such as food giant Mondelez and legal firm DLA Piper have suffered attacks. French construction materials company St Gobain has said that it had fallen victim.

The attacks come two months after another global ransomware assault, known as WannaCry, which caused major problems for the UK's National Health Service.


It is still too early to say much about the scale of the attack or the total number of people affected by it, but more cases will surface as time passes.


What is Petya?

The new Petya ransomware has been built with speed in mind, to expedite the encryption process. Traditional ransomware encrypts files one by one, whereas Petya encrypts the on-disk structure that holds all the information about the files, such as size, permissions, and data content, essentially preventing users from accessing all their data.

Although other ransomware and Petya both produce the same file-restricting outcome, Petya is a lot faster at encrypting the data because it does not encrypt files one by one; it only encrypts the NTFS MFT (Master File Table).

This approach, however, makes the cryptography harder to get right, since the chances of making mistakes in the cryptographic functions increase.

It has been said that Petya ransomware was developed by the same developers who made the Chimera and Rokku ransomware families, as it shares some similarities with those two, and it also features its own bootloader and kernel.

Petya usually arrives via email containing a Dropbox URL or an attachment, and the executable usually differs from one dropper to another. It mostly uses clean executables, such as Java Update Checker 2.8.73.2 (jucheck.exe), Picasa 3.9.141.259, Google Crash Handler 1.3.29.5, the SumatraPDF Installer 3.1.1, and installers in Inno Setup format, that were infected with Petya. Another interesting aspect of these executables is that the original icon gets changed and replaced with a PDF or WinRAR icon.

So, how do I protect my computer from it?

Tip #1 : The malware requires administrator rights on the local computer. Standard users should not have this permission. Organisations should consider restricting who has local admin rights to prevent execution of the exploit code. Home users should also consider using a Standard User Account for day-to-day operations.

Tip #2 : Some Windows systems are configured to automatically reboot when they crash. You can disable this feature in Windows. If you can prevent the MFT from being encrypted, you can still recover your data from your local disk. You can get more info about it here.

Tip #3 : So far, the ransomware has been found to spread through e-mail attachments. Hence it is highly recommended to avoid opening unknown and suspicious email attachments.
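As an added example (not from the original post or its BBC source), here is a PowerShell script that performs the two host checks from Tip #1 and Tip #2: it lists every account holding local administrator rights and reads, or with -Disable clears, the AutoReboot value under the CrashControl registry key that makes Windows restart itself after a crash. The registry path, the Get-LocalGroupMember cmdlet (Windows 10 / Server 2016 and later) and the Administrators group SID are standard Windows; the function names are my own.

```powershell
# Added example: audit local admin membership (Tip #1) and the
# automatic-restart-on-crash setting (Tip #2). Run in an elevated
# PowerShell session; the registry is only changed when -Disable is given.
param([switch]$Disable)

$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-LocalAdminMembers {
    # The built-in Administrators group has SID S-1-5-32-544 on every host,
    # so this works whatever the group has been renamed to.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-AutoRebootState {
    # AutoReboot = 1 (or absent) means Windows restarts after a bugcheck;
    # that restart is what hands control to a malicious bootloader.
    $value = (Get-ItemProperty -Path $CrashControl -Name AutoReboot `
              -ErrorAction SilentlyContinue).AutoReboot
    if ($null -eq $value) { return 'unset (defaults to enabled)' }
    if ($value -eq 0) { 'disabled' } else { 'enabled' }
}

function Disable-AutoReboot {
    # Same setting as unticking "Automatically restart" under
    # System Properties > Startup and Recovery.
    Set-ItemProperty -Path $CrashControl -Name AutoReboot -Value 0 -Type DWord
    Get-AutoRebootState
}

Write-Host 'Accounts with local administrator rights:'
Get-LocalAdminMembers | Format-Table -AutoSize

Write-Host "Automatic restart after system failure: $(Get-AutoRebootState)"
if ($Disable) {
    Write-Host "Setting AutoReboot=0 ... now: $(Disable-AutoReboot)"
}
```

Without -Disable the script only reports; review the administrator list first and remove day-to-day accounts from it, then re-run with -Disable to apply the change.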

Source :

BBC News

Author : Prashant Pandey
