Context

India is the worst-hit nation in the Asia-Pacific region by the “Petya” ransomware, with operations disrupted at Jawaharlal Nehru Port Trust in Mumbai.

Why in the news? (Key highlights)

  • A report by Symantec identified India as the country worst hit by Petya in APAC and the 7th worst hit globally.
  • The government has asked the National Cyber Security Coordinator, Gulshan Rai, to monitor the situation at Jawaharlal Nehru Port Trust (JNPT), where one of three terminals was impacted.
  • A.P. Moller-Maersk was also hit, affecting multiple sites and business units including the Gujarat Pipavav Port Limited.
  • Numerous companies have been crippled by the global cyberattack, the second major ransomware crime in two months.

What is ransomware?

  • Ransomware is a form of malicious software that blocks access to the victim’s data, or threatens to erase it, until a ransom is paid.
  • Many popular ransomware families prefer to obtain payment through Bitcoin, as it is difficult to trace.

There are numerous types of ransomware today.

  • Crypto-ransomware: This malware encrypts the system’s files and forces users to pay a ‘ransom’ through certain online payment methods to get a decryption key.
  • WannaCry: WannaCry is a widespread ransomware campaign that is affecting organizations across the globe. Over 125,000 organizations in over 150 countries have been impacted.
  • Jigsaw: Jigsaw encrypts and then progressively deletes files until the ransom is paid. The ransomware deletes a single file after the first hour, and then deletes files every hour from then on.
  • KeRanger: KeRanger ransomware was recently discovered in a popular BitTorrent client. It is the first of its kind known to be specifically designed to lock Mac OS X.
  • Crysis: This form of ransomware can encrypt files on fixed, removable, and network drives, and uses strong encryption algorithms.

What is the “Petya” ransomware?

  • Petya is a family of encrypting ransomware that infects the master boot record and encrypts the NTFS file table, demanding a payment in Bitcoin in order to regain access to the system.
  • The malware specifically targets Microsoft Windows-based systems.
  • Ukraine has emerged as the epicenter of the attack with 60 per cent of the systems infected as reported by Kaspersky.


How does the Petya ransomware work?

  • The ransomware takes over computers and demands $300 to be paid in Bitcoin.
  • Once one computer is infected, the malicious software spreads rapidly through an organization using the EternalBlue vulnerability in Microsoft Windows.

Where did it start?

  • The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police.

How far has it spread?

  • The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.

Who is behind the attack?

  • Many experts believe that Petya was designed to spread fast and cause as much damage as possible under a plausibly deniable cover of ‘ransomware’.
  • A security researcher from the cybersecurity blog Krebs on Security stated that ‘Petya’ was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.
  • A pseudonymous security researcher noted that the new Petya is designed not to make money but as a criminal enterprise with the specific intent to hurt victims.

Q&A

  • On account of recent Ransomware outbreaks all over the globe, cyberattacks are the new menace and a global threat. Critically Examine.
