Site icon Astra Security Blog

Petya Ransomware Attack: Computers Worldwide Severely Hit

Bhagyeshwari Chauhan

As another grim reminder of the susceptible state of our cyber security systems, a massive ransomware has struck computers worldwide. What started as an attack on the servers of Russia’s biggest oil company and disrupting of operations at Ukrainian banks, the Petya Ransomware has now also spread to computers in Romania, the Netherlands, Norway, France, Spain, Britain, and Australia.

This Blog Includes show
How does Petya Ransomware work?
What should you do if you are a victim?
A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine’s state-owned bank Oschadbank after being hit by the Petya ransomware. Image source: REUTERS/Valentyn Ogirenko

The most affected country was Ukraine where the Chernobyl nuclear power plant systems were reportedly switched to manual as a precautionary measure.

How does Petya Ransomware work?

The ransomware called Petya is concealed in a benign looking document circulated via e-mail. It freezes a user’s computer until a “ransom” is paid in virtual currency bitcoin.

Once infected with the Petya virus, it results in a complete lockdown of a computer’s hard drive as well as individual files stored on it. It is harder to recover information from computers affected by this ransomware, which can also be used to steal sensitive information.

Cadbury’s Hobart computers in Tasmania attacked by the Petya ransomware.

Similar to WannaCry, Petya could have exploited ‘Eternal Blue’, a tool created by the National Security Agency and leaked online by the Shadow Brokers. This, in turn, could have been used to exploit problems in Microsoft’s software.

What should you do if you are a victim?

Computers running the most recent update of Microsoft’s software should be safe from this attack. However, users are advised to check their Windows version and refrain from clicking on malicious links or PDFs received via e-mails.

It is advised to never pay the ransom as it further encourages the attackers. Even if you end up paying the ransom, there is also no guarantee that all files will be returned intact. Instead, the best one can do in such a situation is to restore files from a backup. If this isn’t possible, there are some tools that can decrypt and recover some information.

The ramifications of this attack on businesses worldwide are infact grave. If you’ve not been attacked, it is highly advisable to do the due diligence and secure your businesses.

Worried about getting hacked? Contact Astra to secure your online business.

Exit mobile version