Petya Cyberattack Strikes Global Businesses and Governments
Yet another massive cyberattack is disrupting business and government operations worldwide, with Ukraine and Russia taking the hardest hit, followed by Europe and the U.S. A variant of the Petya ransomware is behind this week’s outbreak, which quickly follows last month’s WannaCry attacks that infected hundreds of thousands of computers across the globe.
Like previous ransomware attacks, the new Petya variant encrypts the victim’s computer and demands payment — in this case, $300 in Bitcoin in exchange for the victim’s data, ABC News reports.
How Petya Works
Petya, also known as Petrwrap, uses the EternalBlue exploit, which targets a software vulnerability in Windows, to propagate inside a targeted network, Wired reports. The exploit attacks the Windows Server Message Block service, which shares files and printers across local networks, according to security firm Sophos.
Petya also works to spread internally by using remote administration tools to break passwords and infect other computers on the network. To attack remote PCs, the malware comes bundled with PsExec, an official Microsoft tool used to run processes on remote systems.
Petya shows many similarities to WannaCry, such as the $300 ransom demand, says security vendor Trend Micro. Victims often choose to pay the relatively modest sum and recover their data and operations quickly, a strategy that many security experts dislike.
“As in all ransomware attacks, we advise against paying the ransom. This is particularly true in this case, as the email account mentioned in the ransom note is no longer active,” notes Trend Micro.
Slow Recovery in Progress
According to Bloomberg, government and business operations in Ukraine have suffered the greatest impact. Ukrainian Interior Ministry aide Anton Gerashchenko called the outbreak “the biggest in Ukraine’s history,” one designed to destabilize both the economy and “civic consciousness of Ukraine,” reports Bloomberg.
After the attack, Ukrainian utility Kyivenergo switched off all computers and Ukrainian delivery network Nova Poshta halted service to clients after Petya compromised its network.
Unsurprisingly, the global nature of today’s communications networks has enabled the Petya attack to spread quickly. A.P. Moller-Maersk, the international conglomerate that runs the world’s largest container ship operation, says the attack has impacted many of its business units and email, forcing it to shut down multiple IT systems and business units.
Targets in the U.S. thus far include pharmaceutical giant Merck, multinational law firm DLA Piper and possibly Mondelez International, the maker of Oreo cookies, which says it is unclear whether its technical problems stem from the Petya attack, Reuters reports.
Protecting Against the Cyberattack
The best way to thwart a cyberattack is to make sure your systems have the latest software patches, including the one in Microsoft’s MS17-010 bulletin, advises Sophos. Organizations should also consider blocking PsExec from running on users’ computers.
All employees, including HR staff and those who use attachments regularly in their jobs, should avoid opening email attachments from senders they don’t know. Furthermore, encrypted backups and offsite backup copies should be a part of every enterprise security regimen.
Organizations should also enable their firewalls, intrusion detection and prevention systems and proactively monitor and validate inbound and outbound network traffic, says Trend Micro.
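Because Petya uses PsExec to reach other machines, defenders can also watch for PsExec's footprint on hosts. The Python sketch below is an added example, not code from any vendor quoted in this article: it scans service-installation events (Windows System log, Event ID 7045) for PsExec's default service name, PSEXESVC, and flags bursts across several hosts. The record layout, host names and thresholds are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

SERVICE_INSTALLED = 7045      # Service Control Manager: "A service was installed"
PSEXEC_SERVICE = "PSEXESVC"   # default service name PsExec registers on a remote host

# Constructed sample records (not real telemetry), shaped like System-log
# events collected from several hosts into one list.
EVENTS = [
    {"time": "2024-01-15T10:01:05", "host": "WS-014", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-15T10:01:40", "host": "WS-022", "event_id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-15T10:02:10", "host": "FS-01", "event_id": 7045, "service": "psexesvc"},
    {"time": "2024-01-15T10:03:00", "host": "WS-014", "event_id": 7045, "service": "PrintHelper"},
    {"time": "2024-01-15T10:04:00", "host": "WS-030", "event_id": 7036, "service": "PSEXESVC"},
    {"time": "2024-01-15T15:30:00", "host": "ADM-01", "event_id": 7045, "service": "PSEXESVC"},
]

def psexec_installs(events):
    """Return (timestamp, host) for each PsExec service install, oldest first."""
    hits = [
        (datetime.fromisoformat(e["time"]), e["host"])
        for e in events
        if e["event_id"] == SERVICE_INSTALLED
        and e["service"].upper() == PSEXEC_SERVICE
    ]
    return sorted(hits)

def find_bursts(events, window=timedelta(minutes=5), min_hosts=3):
    """Flag windows in which the service landed on at least min_hosts hosts.

    One install can be routine administration; the same service appearing on
    many machines within minutes is the pattern worth an alert. The service
    name can be changed by whoever runs the tool, so no match is not proof
    of absence.
    """
    hits = psexec_installs(events)
    bursts, i = [], 0
    while i < len(hits):
        start = hits[i][0]
        in_window = [h for h in hits[i:] if h[0] - start <= window]
        hosts = sorted({host for _, host in in_window})
        if len(hosts) >= min_hosts:
            bursts.append({"start": start.isoformat(), "hosts": hosts})
            i += len(in_window)   # continue after this burst
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for burst in find_bursts(EVENTS):
        print(burst["start"], "PsExec service installed on", ", ".join(burst["hosts"]))
```

Hosts where administrators legitimately use PsExec will produce isolated hits, which is why the check alerts on the multi-host burst and not on a single event.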