Who is behind the Petya ransomware attack and how much has it affected?
“There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability”, the Swiss Reporting and Analysis Center for Information Assurance (MELANI) told the Reuters news agency in an e-mail. “You won’t want to make that decision at a time of panic, in a cloud of emotion”. Ukraine and the Russian Federation are the worst affected, though the attack has also impacted some companies in the USA and other Western European countries.
Shipping company A.P. Moller-Maersk said every branch of its business was affected.
But the damage was worst in Ukraine.
The hacks targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, demanding ransoms from government employees in the cryptocurrency bitcoin.
Russia, Iran, China or North Korea could be suspects, he added.
The world is still recovering from a previous outbreak in May of ransomware, called WannaCry or WannaCrypt, which spread rapidly across the world using digital break-in tools originally created by the U.S. National Security Agency and recently leaked to the web.
“Once you unleash something that propagates in this manner, it’s impossible to control”, he said.
It dubbed the virus “ExPetr” and advised companies to update their Windows software and install the MS17-010 security patch as well as to back up their data.
Once a computer network has been infected, the malware spreads quickly to the other computers connected to that network via tools such as Windows Management Instrumentation (WMI). It appeared almost identical to GoldenEye, a variant of a known family of hostage-taking programs known as “Petya”, he said. It limits itself to the computers linked to the same router, he said.
Ryan Kalember, a security expert at Proofpoint, said one reason the attacks appeared to be slowing down was that the ransomware appears to spread only when a direct contact exists between two networks – such as when a global company’s Ukraine office interacts with headquarters. Ground zero was Ukraine.
A number of Ukrainian banks and companies, including the state power distributor, were hit by a cyber attack that disrupted some operations, the Ukrainian central bank said.
The mayhem reached high into the government.
Ukraine’s vice prime minister, Pavlo Rozenko, tweeted a screenshot of his malfunctioning computer saying computers at the Cabinet of Ministers had been affected.
“Ta-Dam!” he wrote. “It seems the computers at the Cabinet of Ministers of Ukraine have been ‘knocked out.’ The network is down”.
Unlike typical ransomware, which merely scrambles personal data files, the program wreaking havoc Tuesday overwrites a computer’s master boot record, making it tougher to restore even a machine that has been backed up, said Kalember. Russia, Ukraine, the UK and Spain are the main targets of this ransomware.
Other companies that said they had been hit by a presumed cyber attack included Russian metal maker Evraz, French construction materials firm Saint Gobain and the world’s biggest advertising agency, WPP – though it was not clear if their problems were caused by the same virus.
Production at the Cadbury factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.