Widespread Disruption caused by the Petya Ransomware

Companies have been hit by a global cyber attack, the second major ransomware attack in the past couple of months. The Petya ransomware has spread through large companies and led to data being encrypted and held to ransom.

This is the second major global ransomware attack in the past two months, following the WannaCry attack that crippled the NHS back in early May. WannaCry affected more than 230,000 machines worldwide, and the vulnerability it exploited was first revealed to the public as part of a series of leaked NSA documents. The Petya virus is similar, in that it spreads rapidly through Windows networks.

Ransomware is a type of malware that blocks access to data on a computer or server by encrypting it. Upon infection, the ransomware encrypts files and demands a ransom, typically in Bitcoin, in return for the key to unlock the data. If the victim of the attack doesn’t have an up-to-date backup of their data, they either have to pay the ransom or face losing their files.

The Petya ransomware takes over your computer and demands $300 in Bitcoin. The software then spreads rapidly across an organisation via the EternalBlue vulnerability present in Windows operating systems. Microsoft has fixed this vulnerability, but not everyone has installed the update. This iteration of the virus is not the same as the original one, but rather shares a significant amount of code with the Petya virus; Kaspersky Lab has dubbed it ‘NotPetya’. Major antivirus companies claim that their software has now been updated to actively detect and protect against Petya. In addition to having a good, up-to-date anti-virus program running, users should also install the latest Windows update, which fixes the EternalBlue vulnerability, the main avenue of infection for the Petya ransomware.

The attack originated in Ukraine and, according to Ukrainian cyber police, was seeded through an update to accounting software used by the Ukrainian government. This explains why Ukraine has been significantly hit; the attack affected the government, airports, the metro system and banks. Slightly worryingly, the radiation monitoring system in Chernobyl was taken offline, meaning employees had to manually measure levels of radiation in the exclusion zone of the former nuclear plant.

Beyond Ukraine, the Petya ransomware has caused widespread disruption in the rest of Europe, as well as the US. Russian steel and oil firms Evraz and Rosneft, legal firm DLA Piper, French construction company Saint-Gobain and the US advertising firm WPP were among the companies affected. What this latest cyber attack has shown is the importance of regular backups to preserve your data.
