Petya Ransomware Attacks companies across Europe and US
A destructive cyberattack – Petya Ransomware has strike companies across the United States and Europe. Ukraine government, banks and electricity grid hit hardest, but companies in France, Denmark and Pittsburgh, Pennsylvania also attacked.
The “Petya” ransomware has triggered severe disruption at large firms including the advertising giant WPP, French construction material company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft, the world’s largest shipping firm, Maersk.
Septic PC and computers show a message demanding a Bitcoin ransom worth $300. Those who pay are asked to send confirmation of payment to an email address. However, that email ID has been shut down by the email provider.
This attack was initially reported in Ukraine, where the government banks, state power utility and Kiev’s airport and metro system were all affected.
Ukrainian PM Volodymyr Groysman called the attack “unprecedented” after several companies and the country’s main airport were hit by hackers. Many companies in the UK, Germany, and Netherlands reported that they were also targeted.
How does the “Petya” ransomware work?
The ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry”, said Ryan Kalember from cybersecurity company Proofpoint.
What to do if you are affected by the ransomware?
- Usually what happens is – the ransomware infects computers and then waits for approximately an hour before rebooting the computer. So, when the system is rebooting, you can switch off the computer to prevent the files from being encrypted and try and rescue the files from the system.
- If the machine gets reboots with the ransom note, don’t pay the ransom because the “customer service” email address has been shut down so there’s no way to get the decryption key to unlock your files anyway.
- Disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup.
- Back up your files regularly and keep your anti-virus software up to date.