What Is Petya? Ransomware Attack Hits Computer Systems Across The Globe
A new ransomware attack—a variant of malicious software known as Petya—has hit computer systems around the world in what appears to be a global cyberattack similar to WannaCry.
Petya has hit Ukraine the hardest thus far, with computer systems belonging to the government, businesses and financial institutions affected. The attack makes use of the same vulnerability that allowed for the spread of the WannaCry ransomware in May.
Thus far, more than 2,000 computers have been affected, according to Russia-based cybersecurity firm Kaspersky Lab.
Among those who have been hit by the ransomware are international shipping company Maersk, pharmaceutical company Merck, food conglomerate Mondelez International, San Francisco-based law firm DLA Piper, British advertising firm WPP and Russian oil company Rosneft.
The attack has been given a number of names, though it has most commonly been referred to as Petya or PetyaWrap. Kaspersky has taken to calling the attack NotPetya, as the firm’s researchers believe the attack to be a new strain of ransomware entirely.
Security researcher Kevin Beaumont also reported the attack is not a direct Petya variant but rather a new type of ransomware modeled after Petya. As a result, many antivirus tools have not yet been able to identify the attack.
Information is still being gathered about the attack itself, and security researchers have been racing to examine strains of the attack to learn more about it. Many have reported with confidence that the attack was spread by making use of the same exploit that allowed WannaCry to infect hundreds of thousands of machines earlier this year.
Raj Samani, the chief scientist at cybersecurity firm McAfee, told International Business Times the Petya attack makes use of EternalBlue, a Windows-based exploit first discovered by the U.S. National Security Agency, to spread. A number of other security researchers have reached a similar conclusion.
While Microsoft patched the initial security vulnerability after it was reported to the company in March and issued an emergency fix for outdated operating systems when WannaCry began spreading, it is believed the computer systems infected by Petya—or NotPetya—still were not equipped with the security update that would have patched that hole.
“What appears to have happened based on the sample that we have, this particular variant is using the same exploit that was used by WannaCry,” Samani said. “Keeping systems up-to-date, good cyber hygiene, would have worked [to prevent this].”
Some researchers report Petya is more sophisticated than WannaCry. Samani suggests it is at the very least more destructive. “It’s ransomware in name, but it’s disruptive in nature,” he said, noting that the attack has destroyed boot files of computers around the world.
Attribution of the attack's origins and an understanding of the motive behind it are still a long way off, but the attackers have collected nearly 25 payments so far, totaling nearly $6,000. MalwareTech, the security researcher who found the killswitch on the WannaCry attack, reported that paying the ransom will not restore files.
It is unclear if the attack was directly targeted at a particular victim or if it was designed for widespread use. Samani notes that Ukraine took the brunt of the attack and, because of the way the attack propagates, it began spreading to other systems across the globe.
Bob Hammer, CEO of data protection provider Commvault, told IBT the attack should be treated as “yet another wakeup call” for businesses to treat ransomware as a serious threat.
“Threat readiness goes beyond simply having the proper security solutions in place to keep ransomware out,” he said. “If an attack gets through your defenses you must have data threat detection techniques applied to your data environment to indicate anomalies to standard operation and highlight proper recover points to escape the ransomware threat.”