Debate Magazine

New Ransomware Dubbed “Petya” Spreading

Posted on the 01 July 2017 by Darkwebnews @darkwebnews

Petya, a virus in the form of a ransomware, has begun hitting major entities in Europe while spreading to other parts of the world at an unprecedented rate.

Just a few months ago a ransomware by the name of WannaCry (or WCry) was on the loose, disrupting various types of entities and thus bringing operations to a halt. Petya operates similarly to WannaCry but differs slightly.


Whereas WannaCry would just lock files in a computer, Petya is much more deadly as it reboots the computer in addition to locking everything up.

The similarity between the two is that they would demand payments in the form of Bitcoins ($300) to have the problem eliminated.

The virus has affected both government and private entities, causing all operations to come to a halt until the situation is resolved.

The cyberattack continues to impact people from all walks of life, as the hack has hit a variety of entities which offer various services, putting the number of people affected in the hundreds of thousands if not millions.

But as it is, the number of parties affected is expected to rise in the coming days.

According to multiple sources, the virus affects users who have still not updated their Windows systems to the latest version.

Some Windows operating systems have vulnerabilities in the file-sharing process, which makes it easy for a virus to make its way into computers running on the same network.

Apart from that, another way the virus can spread is when users click links on the internet.

A while back, Microsoft requested users to update their operating system to the latest version, as doing so reduces their risk of malware exposure.

Since this is not a complete solution to dealing with viruses in the form of ransomware, spyware, etc., users are advised to take extra precautions such as using an antivirus, running checks on their devices regularly, avoiding connecting through unknown and insecure networks and also avoiding clicking links on the internet carelessly.

These rules enable one to stay relatively safe on the web.

Reports by several international media outlets indicate that the hack has hit government agencies, power plants, banks, hospitals, advertising companies, airports, shipping companies, and more.

Among the first to feel the effect was the government of Ukraine.

The Telegraph published a report on the Petya ransomware and indicated that in Ukraine, many institutions were victims of the hack, including an aircraft manufacturer, an airport, the country's central bank and some other agencies.

In the U.K., the same report stated that the advertising firm WPP (which is a PLC) halted its business.

In Denmark, a major shipping conglomerate also fell into the trap and, as a result, its operations were stopped to await a resolution.

The hack caused entities to temporarily shut down their business operations, because the virus locks all files until the payment is made to the Bitcoin address provided.

Social media is among the main ways this information was relayed.

In the case of Petya, a series of tweets was sent by the respective agencies to notify clients of the ongoing attack.

Apart from the companies informing users through tweets, users were also quick to tweet that some services were not available in specific places.

Emerging reports indicate that the same virus came to light last year.

There are several task forces in various regions set up to investigate the virus.

The investigation takes a look at the code used to run the virus, so as to establish its source.

And it is revealed that, unlike WannaCry, where the virus had a kill switch that was used to limit the spread of the ransomware, Petya does not have a known flaw which experts may use to prevent it from spreading further.

It is for this reason that Petya has reached quite a number of countries, and it continues to spread at a very fast rate.

Companies affected by the virus are advised not to pay the Bitcoin ransom, because the virus does not have a decryption key that will unlock the content in victims' computers, since it clears everything first, then reboots, and lastly locks up the system.

In the event payment is made to the Bitcoin address stated, one becomes the victim of a double scam, having both lost their files and paid the money.

Several entities and persons have sent Bitcoins to the respective wallets, and all of these payments can be monitored on the blockchain.

None of the individuals who have made the payment have recovered their files, as the systems are still locked.

After Europe, the ransomware spread and reached America, Asia and Australia.

As it is, the malware continues to spread internationally, affecting more entities in different countries.

In Australia, the major airline Qantas was stricken, jeopardizing operations and causing passengers to remain stranded.

A report by The New York Times indicates that in the United States, a drug manufacturing company (Merck) was affected.

In Ukraine, apart from government agencies, a nuclear plant was hit, causing workers to manually monitor the facility to avoid disruption that could result in severe damage.

The hacking tools used to spread Petya were developed by the U.S. intelligence community and in particular, the National Security Agency (NSA). The agency used them to gather information by hacking into the systems of its perceived targets. The tools were the same as those used to spread WannaCry.

Reports indicate that a black-hat group by the name of Shadow Brokers stole the tools from the NSA.

This issue has brought about controversy among many governments, with some pointing fingers at others.

For instance, when WCry hit Russia, the U.S. was the first to be blamed because the country's agencies developed the hacking tools and lost control over their creation.

It is the same tool that is used in Petya, bringing into question how long such tools will be used to cause havoc and cause losses by affecting income-generating activities.

In other cases, it causes extreme danger because a disruption at a nuclear facility has the potential of inflicting environmental harm and loss of life.

Because these tools continue to be used, it is up to the relevant authorities, in collaboration with stakeholders, to come up with a solution to avoid further damage.
