The ransomware attacks keep coming, posing huge threats and new challenges to businesses around the world. After the WannaCry worm affected hundreds of thousands of computers last month, it’s the turn of a new, more advanced attack to stop businesses in their tracks.
Petya, as some analysts are calling the latest wave of attacks, infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency, Bitcoin. According to researchers, the ransomware virus is a worm that infects networks by “moving from computer to computer”.
Law-enforcement and cybersecurity experts agree that victims should never pay ransom for such attacks.
The cyberattack, which bears the hallmarks of WannaCry but is more sophisticated, uses a hacking tool called EternalBlue. A “zero-day” exploit, EternalBlue exploits a loophole in Microsoft Windows and was believed to be part of a slew of US National Security Agency cyberweapons posted online in April by the hacker group Shadow Brokers.
Zero-day exploits are tools that take advantage of software vulnerabilities hackers can use to get into computer programmes and data.  
A security expert quoted by a report has said the leak was “by far the most powerful cache of exploits ever released”. “It effectively puts cyberweapons in the hands of anyone who downloads it,” he added.
Analysts have observed that the new cyberattack appears to use a lot of the same elements as WannaCry, but is spreading and replicating itself in a more sophisticated way. “This attack is not just encrypting files — it’s encrypting at a deeper level than that,” according to one of them.
One of the major differences between the two attacks, say experts, is that the most recent event does not yet appear to be susceptible to a hardcoded “kill switch” – which means it may prove harder to overcome.
Leading international businesses headquartered in Europe and the US have been affected. These include Russian oil and gas major Rosneft, Danish shipping line Maersk, US-based pharmaceutical company Merck and law firm DLA Piper. Ukrainian organisations seem to have taken a particularly heavy blow, as officials said banks, government offices, the postal service and Kiev’s metro system were experiencing problems. The ransomware also reportedly caused problems with the monitoring system of the Chernobyl nuclear power plant.
Mondelez, the maker of Oreos, and British advertising giant WPP said their IT systems were experiencing problems.
It was not yet clear if firms in the Asia-Pacific region had been seriously affected, though some reports had started coming in.
Regular consumers who have up-to-date Windows computers are safe from this attack, according to experts. However, if there’s one out-of-date machine on a company’s network, it could infect other connected computers.
While it’s unclear how far-reaching Petya’s consequences will be, they are likely to be “quite large”, an expert said.
It’s also too early to say who might be responsible for unleashing the virus. Intelligence agencies and security researchers have linked WannaCry to a group associated with North Korea. However, it’s unclear if the new ransomware worm is connected.
Whatever its source might be, analysts feel the people carrying out the new attack have learned some lessons from the WannaCry campaign and come up with a more potent weapon.

