Petya Ransomware Sinks Global Businesses Into Chaos

Petya Ransomware Sinks Global Businesses Into Chaos 620 330 C-Suite Network
petya-ransomware-attack

.NET Reporting Platform for All Your Business Needs
ActiveReports, an enterprise .NET reporting platform, offers developers a Visual Studio integrated designer, data visualization controls, an extensive API, and a fast-rendering engine to create reports for Windows, web, & mobile.
Download now.

A new ransomware exploit dubbed “Petya” struck major companies and infrastructure sites this week, following last month’s WannaCry ransomware attack, which wreaked havoc on more than 300,000 computers across the globe. Petya is believed to be linked to the same set of hacking tools as WannaCry.

Petya already has taken thousands of computers hostage, impacting companies and installations ranging from Ukraine to the U.S. to India. It has impacted a Ukrainian international airport, and multinational shipping, legal and advertising firms. It has led to the shutdown of radiation monitoring systems at the Chernobyl nuclear facility.

Europol, the international law enforcement agency, could not provide operational details on the attack, spokesperson Tine Hollevoet told the E-Commerce Times, but it was trying to “get a full picture of the attack” from its industry and law enforcement partners.

Difficult Doesn’t Have to Be So Difficult: How to Turn Challenging Conversations into Trusting Relationships at Work

Petya “is a demonstration of how cybercrime evolves at scale and, once again, a reminder to business of the importance of taking responsible cybersecurity measures,” Europol Executive Director Rob Wainwright said in a Wednesday update.

Unlike Wannacry, the Petya attack does not include any type of ‘kill switch,’ according to Europol.

Variant Characteristics

The U.S. Computer Emergency Readiness Team on Tuesday began fielding numerous reports about the Petya ransomware infecting computers around the world, and noted that this particular variant encrypts the master boot records of Windows computers and exploits vulnerabilities in the Server Message Block.

The RANSOM_PETYA.SMA variant uses as infection vectors both the EternalBlue exploit, which was used in the WannaCry attack, and the PsExec tool, which is a Microsoft utility used to run processes using remote access, according to Trend Micro.

Users should apply the MS17-010 security patch, disable TCP

Difficult Doesn’t Have to Be So Difficult: How to Turn Challenging Conversations into Trusting Relationships at Work