Petya ransomware has affected many computers, networks of some global firms in what is being seen as a massive cyber attack. The Petya cyber attack comes soon after the WannaCry ransomware attack, which had impacted over 300,000 computers worldwide, including those in India. With Petya, we know that one terminal in Mumbai’s Jawaharlal Nehru Port Trust is currently out of action thanks to the attack on Dutch firm AP Moller-Maersk .The shipping giant controls one of the terminals.
The full impact of the cyber attack is yet to be assessed. Here’s what cyber security experts have to say on the Petya attack.
Petya ransomware and why it poses a danger to India
For the Indian market, the Petya ransomware should come as worrying news given how dependent we are as a market on Windows XP. According to Saket Modi, CEO and Co-founder of technology firm Lucideus, it is high time that enterprises looked at the issue of security updates seriously.
“Considering the number of open vulnerabilities in operating systems, not due to the unavailability of patches released by OEMs, but due to the unwillingness of companies to push the latest OS patches across their IT infrastructures, such attacks will only keep growing. If you take WannaCry as an example, it’s exploit has been in public since January and its patch (that was a free of cost update) released by Microsoft in March. Even then most companies around the world didn’t upgrade their OS, and the result was WannaCry,” he said in emailed statement.
He also points out that the ransomware has impacted so many sectors across the world, this was not a targeted attack. According to him, over 50 per cent of Windows systems are still not patched across India, which is worrisome figure. He says enterprises in India need to take cyber infrastructure seriously, because it will have direct impact on their business.
Petya ransomware and need to invest in cyber security for enterprise firms
According to Matt Moynahan, CEO of security firm Forcepoint, “The latest ransomware attacks are demonstrating just how vulnerable critical infrastructure is by hitting railways, airports, hospitals and more. The lines between nation-state defense and commercial defense continue to blur.”
Forcepoint says the ransomware spread laterally within an organisation via a vulnerability in the Microsoft Windows system. This was similar to WannaCry. Both Petya and WannaCry exploit the EternalBlue vulnerability in Windows XP and other Microsoft Windows systems to carry out the attack. It should be noted that Microsoft sent out the patch for this back in March, 2016.
Forcepoint’s CEO says the attack shows how easily hackers can gain access to corporate infrastructure, and the motivation behind these attacks needs to be studied. “To address these new and evolving threats, we need to understand the intent and motivations behind them. If we do not invest in the cyber security of our critical infrastructure we will continue to see massive attacks with economic, employee and public safety ramifications,” says Moynahan.
Petya attack is more professional
WannaCry ransomware came with a kill switch, which was discovered accidentally by a security researcher in the UK. But this time, the attackers have gotten better. In a blogpost, F-Secure Security Advisor Sean Sullivan wrote, “WannaCry’s attackers failed because they couldn’t handle the amount of victims they created. But this Petya campaign, which is basically still in its first round, comes across as more professional and ready to cash in.” He says that amateur hour is over when it comes to global cyber attacks, which is not good news.
Don’t pay the Peyta attackers
For those who are infected, the cyber security experts have only one advice across the board: Don’t pay the hackers. Gemalto, which specialises in Digital Security, says consumers should not be paying the ransomware attackers.
“Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. However, neither businesses nor individuals should pay ransoms to unlock any files that have been affected by a ransomware attack, as this incentivises and rewards these kinds of attacks,” said Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto in a statement.
He also says companies should encrypt and back-up their data and store this back-up away from the network, where the rest of the data is stored. This will ensure access to files even in case of a ransomware attack.
Use an anti-virus system, keep it updated
Security firm Symantec says their Symantec Endpoint Protection (SEP) and Norton products can protect customers against the spread of Petya, via the Eternal Blue vulnerability. According to Symantec, products on version 20170627.009 also detect Petya components as Ransom.Petya.
“Attackers have honed and perfected the ransomware business model, using strong encryption, anonymous Bitcoin payments, and vast spam campaigns to create dangerous and wideranging malware. While consumers in particular (69 percent of all infections) are at risk from ransomware, this year saw evidence that ransomware attackers may be branching out and developing even more sophisticated attacks,” said Tarun Kaura, Director- Product Management, Asia Pacific Japan, Symantec in a statement.
He also points out that Petya has been around since 2016, and this is different from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR). With the master boot record, users are locked out of their device and lose access to the device, because this is how the disk identifies where the operating system is located in order to boot/load it.