India is the worst-hit nation in the Asia-Pacific region by the “Petya” ransomware, with operations stalled at Jawaharlal Nehru Port Trust in Mumbai.
Why in the news? (Key highlights)
- A report by Symantec identified that India is the worst hit country by Petya in APAC and 7th globally
- The government has asked the National Cyber Security Coordinator, Gulshan Rai, to monitor the situation at Jawaharlal Nehru Port Trust (JNPT), where one of three terminals was impacted.
- A.P. Moller-Maersk was also hit, affecting multiple sites and business units including the Gujarat Pipavav Port Limited.
- Numerous companies have been crippled by the global cyberattack, the second major ransomware crime in two months.
- Ransomware is a form of malicious software that blocks access to, or threatens to erase, the victim’s data until a ransom is paid.
- Many popular ransomware strains demand payment in Bitcoin, as it is difficult to trace.
There are numerous types of ransomware today.
- Crypto-ransomware: This malware encrypts the system’s files and forces users to pay a ‘ransom’ through certain online payment methods to get a decryption key.
- WannaCry: WannaCry is a widespread ransomware campaign that is affecting organizations across the globe. Over 125,000 organizations in over 150 countries have been impacted.
- Jigsaw: Jigsaw encrypts and then progressively deletes files until the ransom is paid. The ransomware deletes a single file after the first hour, and then deletes files every hour thereafter.
- KeRanger: KeRanger ransomware was recently discovered on a popular BitTorrent client. It is known to be specifically designed (the first of its kind) to lock Mac OS X.
- Crysis: This form of ransomware can encrypt files on fixed, removable, and network drives and uses strong encryption algorithms.
- Petya is a family of encrypting ransomware that infects the master boot record and encrypts the NTFS file table, demanding a payment in Bitcoin in order to regain access to the system.
- The malware specifically targets Microsoft Windows-based systems.
- Ukraine has emerged as the epicenter of the attack with 60 per cent of the systems infected as reported by Kaspersky.
How does the Petya ransomware work?
- The ransomware takes over computers and demands $300 to be paid in Bitcoin.
- Once a computer is infected, the malicious software spreads rapidly through the organization using the EternalBlue vulnerability in Microsoft Windows.
Where did it start?
- The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police.
How far has it spread?
- The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.
Who is behind the attack?
- Many experts believe that Petya was designed to spread fast and cause as much damage as possible with a plausibly deniable cover of ‘ransomware’.
- A security researcher from the cybersecurity blog Krebs on Security stated that ‘Petya’ was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.
- A pseudonymous security researcher noted that the new Petya is designed not to make money but as a criminal enterprise intended specifically to hurt victims.
- On account of recent ransomware outbreaks all over the globe, cyberattacks are the new menace and a global threat. Critically examine.