wannacry

Petya Malware Extends Its Claws In 65 Countries Including India

By Varuni Trivedi

After a series of ransomware attacks faced by the world this year, another one came knocking the doors of the industry on June 27, 2017. Petya is supposedly another cyber attack in disguise after the WannaCry ransomware which affected the whole world.

The global cyber attack started from Ukraine where the Chernobyl Nuclear Power plant’s radiation monitoring system went offline and several Ukrainian ministries, banks and metro systems were compromised. The infections further extended in France, Germany, Italy, Poland, United Kingdom, and the United States; but the majority of infections targeted Russia and Ukraine. Petya or NotPetya ransomware Trojan belongs to Ransomware-as-a-Service (RaaS) malware family. The Petya ransomware was first identified in 2016 after which a similar attack was seen on June 27th this year which was named as NotPetya. The hackers have demanded an amount of $300 in bitcoin in exchange for the decryption key.

New reports suggest that the Petya malware is not a regular ransomware but a ‘wiper’. The sole aim of the malware is to delete all data which also includes the data on first sectors of the disk where all the information about operating system is stored.

Earlier, on June 28, it was reported that operations at one of three terminals in Mumbai’s Jawaharlal Nehru Port Trust (JNPT) had come to a halt because of the malware’s affect. The port is still struggling with the after effects of the malware. Statistics suggest that the India is worse hit by this malware among all Asian countries.

Experts have also called Petya a successor of the WannaCry ransomware that hit the world last year. Petya uses the classic SMB network spreading technique and also the Eternal Blue exploit to propagate itself. Even if the organizations have patched against Eternal Blue SMB Networks allow the malware to spread into the systems.

Looking in terms of the profit made by the ransomware, it is very less which makes researchers come to the conclusion that the sole purpose of the malware was to cause massive destruction of data, not to make financial gains.

Leave a Reply

Your email address will not be published. Required fields are marked *