(Not)Petya: Ransomware on the march

The world has only just recovered from the havoc wreaked by WannaCry, the widespread malware that hit an impressive number of companies at the end of May in a seemingly big attack, only to be attacked again. This time it is a variant of the Petya ransomware, baptized, without much originality, NotPetya, and a lot of companies and countries have been hit by it.

Ukraine seems to have suffered most severely from this new threat: the country has seen many of its services paralyzed, including the Kiev metro, the banking system, supermarkets and the Chernobyl nuclear power plant. Companies like Auchan, Saint-Gobain and SNCF have not been spared either.

At the moment, we do not even know the extent of the damage because the attack is still ongoing, but a very large number of countries have been affected, as nothing seems to stop the ransomware, which encrypts the contents of PCs and renders them unusable until a ransom is paid. It is a strategy that quickly brings any company's work to a halt once a computer is infected.

At present, 60% of the infected computers are in Ukraine and 30% in Russia, but the attack is expanding, so the numbers are likely to increase in some countries. One would think that “heavyweight” companies would be protected by their internal security systems, but this has not been the case. For example, the petroleum giant Rosneft, the shipping giant Maersk, the pharmaceutical giant Merck, and others are all affected.

The most troublesome thing about the NotPetya ransomware is that it is clearly more complex to eradicate: unlike the majority of ransomware, which simply encrypts personal files, NotPetya goes to the root of the hard disk. The computer is therefore truly taken hostage. This complicates the work of cyber security teams trying to regain control of the machine without paying the ransom, which, of course, will even prove futile.

Microsoft has twice provided patches, which it has widely publicized, including for Windows XP, even though that system no longer receives extended support.

What is more troubling, and promises an attack unlike any seen before, is that NotPetya is not WannaCry … For now, no one knows the attack vector, and this time it will not be the same as with WannaCry.

Once again, we urge caution in the days ahead: think before clicking, downloading, or opening an attachment, or you risk getting infected. In addition, update your devices!

Courtesy Technodite.om