‘Petya’ – Ransomware Round 2

One month on from the ‘WannaCry’ ransomware attacks that affected over 230,000 computers worldwide and brought the likes of the National Health Service in Britain to a halt, we face the next major global cyber attack: ‘Petya’. Considering that the global cyber security market has grown by more than 30 times in the last decade to £94 billion, you’d think that this increased spending would result in fewer widespread attacks forcing major corporations to a grinding halt.

Or maybe £94 billion still isn’t enough in the grand scheme of things.

Is it a completely new attack?

Symantec cyber security experts say that the current attack is using the same exploit as ‘WannaCry’ to infect computers – known as EternalBlue and thought to have been developed by the NSA before being leaked.

However, although Microsoft have released a patch for the exploit, not everyone will have applied it, and the Petya ransomware has another method of attack through two Windows administrative tools.

Will it spread to YOU?

The ‘Petya’ ransomware is thought to have first arisen in Ukraine when the government, banks, state power utility and transport networks were all affected. It has since then spread to large firms in other countries across Europe and the USA.

Unlike ‘WannaCry’, the current attack tries to spread internally within networks, but not seed itself externally – this may have limited the ultimate spread of the ransomware.

It appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government needed to use, and then another wave of infections seemed to be spawned by a phishing campaign containing malware-laden attachments.

What was the motive behind the attack?

This is where this cyber attack becomes quite peculiar. When a computer is infected, the ransomware encrypts documents and files and then demands a ransom for a digital key needed to unlock the files – in this instance, $300 worth of Bitcoin.

However, the way the payment mechanism was set up indicates that it is unlikely that any serious organised criminals are behind this.

Firstly, the ransom note includes the same Bitcoin payment address for every victim – you would expect there to be a different address for every victim, as with most other ransomware. What this means to you and me is that the money is easily traceable. On top of this, there was also a requirement to email proof of payment to a single webmail provider, which led to the email address in question being quickly disabled.

The attacker might as well have asked for a cheque posted to his home address.

I think it would be safe to assume that the goal of ‘Petya’ was not to make money, but just another showcase of havoc that highlights existing security flaws, coupled with the reliance on us as people clicking on attachments we really shouldn’t.

So as always, keep your computers up to date with the latest versions of Windows or your operating system, as well as your anti-virus software… don’t be ‘that’ person to bring your entire place of work down.
