Petya ransomware slams Windows PCs shut in massive attack


The cyberattack is moving quickly, locking down systems at an alarming rate.

Another widespread ransomware attack is threatening to wreak havoc across the world.

Businesses and government agencies have been hit with a variation of the Petya ransomware — that is, malware that holds crucial files hostage. The malware is demanding $300 in bitcoin before victims can regain access.

The new ransomware, identified by security firm Bitdefender as GoldenEye, has two layers of encryption, researchers said. It locks up both your files and your computer’s file system.

“Just like Petya, it is particularly dangerous because it doesn’t only encrypt files, it also encrypts the hard drive as well,” said Bogdan Botezatu, a senior threat analyst with Bitdefender.

The malware forces an infected PC to reboot as soon as it finishes encrypting files, so you’ll see the ransom demands as soon as possible. Researchers at Recorded Future said there’s also a hidden Trojan in Petya that steals victims’ usernames and passwords.

This is the second global ransomware attack in the last two months. It follows the WannaCry outbreak that ensnared more than 200,000 computers, locking up hospitals, banks and universities. Like WannaCry, the GoldenEye and Petya attacks affect only computers running Windows operating systems.

Microsoft released patches for all Windows operating systems after the global outbreak, but people who’ve updated their computers could still be affected, according to Anomali, a threat intelligence company. That’s because Petya can also spread through Office documents, taking advantage of yet another vulnerability and combining it with similar wormholes a la WannaCry.

More than 38 million computers scanned last week are still vulnerable to the ransomware attack because they have not patched their systems, according to data from Avast’s Wi-Fi Inspector.

“The actual number of vulnerable PCs is probably much higher,” Jakub Krostek, Avast’s Threat Lab Team lead, said.

The difference between Petya and WannaCry is that Petya apparently does not have a kill-switch that could be accidentally triggered.

The hit list

Government agencies in Ukraine, along with financial firms, banks and a power distributor, got hit by the attack Tuesday morning. Russia’s largest oil exporter, Rosneft, was also slammed with a cyberattack on its servers.

More than half of the attacks occurred in Ukraine, according to Costin Raiu, director of global research at Kaspersky Lab. Tensions between Ukraine and Russia continue to boil over cyberattacks between the two neighboring nations.

Ukrainian Prime Minister Volodymyr Groysman called the attack “unprecedented,” but also said crucial IT systems were unaffected by the malware. “Our IT experts are doing their work and protecting strategic infrastructure,” Groysman said in a post on Facebook.

Rosneft said the cyberattack did not affect its oil production because it had switched to a reserve control system.

US-based pharmaceuticals giant Merck said Tuesday that its computer network was “compromised as part of [the] global hack.”

A.P. Moller-Maersk, the world’s largest shipping company, said it suffered a cyberattack that took down multiple IT systems.



