Petya Ransomware Events Occur in Multiple Countries and Affect Multiple Sectors

The second massive cyberattack in the past two months is as crippling as the first. Petya ransomware attacks infrastructure that supports national governments and corporations. Is the onslaught of ransomware attacks becoming a new normal?

The most recent major ransomware attack, dubbed Petya, affected businesses including airlines, shipping lines, banks, and utilities. Companies in Ukraine, Russia, and across Europe, including the Netherlands, France, Spain, and the United Kingdom, reported being infected. It also spread to some companies in the United States, including a multinational law firm and several hospitals, sparking health care concerns.

One of the largest drug makers in the United States, Merck, reported being infected by the malware, as did the multinational law firm DLA Piper, which has more than 20 offices in the United States.

The Petya ransomware attack hit computers in Ukraine and Russia the hardest. Researchers at Kaspersky Lab’s Global Research and Analysis Team, in Russia, estimated that 60 percent of infected computers were in Ukraine and 30 percent in Russia.

The ransomware is linked to a leaked vulnerability originally kept by the National Security Agency (NSA). Security experts say that Petya uses an “exploit” developed by the NSA that was later leaked onto the Internet by hackers.

Multiple security firms have confirmed that the Petya malware resembles the WannaCry ransomware attack, which, in May, infected hundreds of thousands of computers by taking advantage of the NSA hacking tool called EternalBlue.

Petya, like WannaCry, is a worm that spreads quickly to vulnerable systems. Major corporations across the world have been hit by this new ransomware attack, which encrypts computers and then demands that users pay $300 to a bitcoin address to restore access.

With the outbreak spreading to the United States, officials at New Jersey-based pharmaceutical giant Merck reported on Twitter, “We confirm our company’s computer network was compromised as part of global hack.”

EternalBlue takes advantage of a vulnerability in the Windows operating system. Microsoft issued a patch earlier this year for all platforms from Windows® XP to Windows 10 that addressed the vulnerability. Not all Windows users installed the update, which is one of the reasons the virus is able to spread.

Although Microsoft made a patch available in March for the Windows flaw that EternalBlue exploited, a new concern is that Petya does not rely on that flaw alone: it has multiple techniques for spreading and infecting systems.

Microsoft further advised users to exercise caution when opening files in e-mails from unknown sources, since malware is often spread through e-mail attachments. Microsoft also noted that its antivirus software is capable of detecting and removing the ransomware.

The emergence of Petya and WannaCry underscores the need for a response plan and a policy on how companies should handle ransomware. According to some experts, the Petya ransomware infects computers and then waits for about an hour before rebooting the machine. They suggest that switching the computer off while it is rebooting can prevent the files from being encrypted.

If the hack is successful and you receive the ransom note, don’t pay the ransom, they warn. Your only recourse is to disconnect your PC from the Internet, reformat the hard drive, and reinstall your files from a backup. Back up your files regularly and keep your antivirus software up to date.