It has hit 2,000 targets, including banks, telecom companies, metro railways, airports, power plants, oil plants, pharmaceutical companies and government departments
Barely a month after the global Wannacry cyber hack, a new variant of ransomware malware has locked systems across several European countries and India.
Petya, as cyber researchers call it, uses vulnerability in the Microsoft’s Windows system, and encrypts the computer files. It is understood to have been developed by the National Security Agency of the US, later leaked on the internet—the way it happened in case of Wannacry.
“The WannaCry ransomware virus targeted only specific file extensions while still allowing the operating system access,” the Data Security Council of India (DSCI), said in a statement.
Petya has hit 2,000 targets, including Danish shipping giant Maersk, US pharmaceutical firm Merck and several government and private institutions in Ukraine, reported technology portal Wired.
Ukraine’s deputy prime minister Pavlo Rozenko has tweeted a screen shot of a computer monitor displaying the following message, “One of your disks contains errors and need to be repaired…..Warning: DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL YOUR DATA!”
Security solutions firm Kaspersky claims that over 60 percent of the infected systems were in Ukraine and 30 percent in Russian. Incidents have also been reported in Russia, England, US, France, Norway, Israel, Poland, Germany, Italy, Belarus and Lithuania.
“It has affected various business outlets spread across multiple sectors. The affected entities include banks, telecom companies, metro railways, airports, power plants, oil plants, pharmaceutical companies, government departments, logistics companies, food conglomerates, law firms etc. It has also led to shutdown of shipping terminals across the world. A total of 2,000 machines are being reported to be infected by this virus across the world,” the DSCI said.
Reportedly, Indian subsidiaries of UK and Russian based energy and aviation firms were also targeted. “As per a few informal sources, a few banks, insurance companies, law enforcement agencies and a large FMCG organisation have been known to be effected,” the DSCI said. At present, the exact number of infected organisations or ‘targets’ in Indian is not known yet.
Indian computer emergency response team (ICERT), working under the ministry of electronics and IT, has released an advisory cautioning users against Petya ransomware.
Here is what the ICERT recommends:
Apply patches to Windows systems as mentioned in Microsoft security bulletin MS17-010.
Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and back-ups should be stored offline.
Block SMB ports on enterprise edge or perimeter network devices
Don’t open attachments or click on URLs in unsolicited emails, even if they come from people in your list. In cases of genuine URLs, close the email and go to the organisation’s website directly through the browser.
Maintain updated anti-virus software on all systems.
Keep the operating system third party applications (MS Office, browsers, browser Plugins) up-to-date with the latest patches.