Edgy Labs covers the Petya ransomware attack as well as its connections to the WannaCry attack and leaked NSA malware.
In light of the most recent cyber attack, if your company isn’t taking cybersecurity seriously, it should.
And, if by some chance you haven’t heard of the Petya ransomware attack, you will soon. In a series of global events, the Petya and WannaCry ransomware attacks have compromised tons of corporate data–mostly because victims neglected to perform automatic Windows updates.
What Did the Petya Ransomware Attack Do?
The Petya ransomware, like WannaCry, freezes your computer or network’s files until a hefty ransom is paid in Bitcoin.
In an interview with the BBC, Andrei Barysevich, a spokesman for security firm Recorded Future, said these attacks won’t stop anytime soon.
“A South Korean hosting firm [Nayana] just paid $1m USD to get their data back and that’s a huge incentive,” he said. “It’s the biggest incentive you could offer to a cybercriminal.”
Experts believe this attack uses the same malware and the same tactics as the WannaCry attack last month.
Petya is a ransomware first seen in 2016, and its most recent iteration seems to be a buffed-up version of WannaCry–its encryption is stronger than that of both previous Petya versions and last month’s WannaCry attack.
When WannaCry was in full swing, a young British IT expert, Marcus Hutchins, discovered a weakness in WannaCry, a possibly unfinished feature that, when triggered, stopped the attack from spreading. So far, with Petya, there is no such weakness.
Various experts refer to this Petya as “NotPetya” and even “GoldenEye”–perhaps a nostalgic reach back to when games were simpler.
No matter the name, Petya has compromised vital systems, including those of Danish shipper Maersk and Merck, a U.S. pharmaceutical company.
Origins: The WannaCry Cyber Attack
Cyber-security firm Avast says it has seen over 75,000 cases of WannaCry ransomware infection in 99 countries.
The WannaCry cyber attack used tools believed to have been stolen from the U.S. National Security Agency (NSA) by the ShadowBrokers. The WannaCry attackers demanded a payment of $300 USD (£230) in Bitcoin to unlock the files for each computer they compromised.
Among the worst hit was the National Health Service (NHS) with over 40 divisions suddenly finding vital operations and appointments canceled, says the BBC.
Thankfully, if you use Windows 7 or newer and keep up with automatic updates, you were protected against the latest WannaCry attack.
What to Do if You or Your Company Has Been Compromised
The source(s) of the Petya attack and WannaCry cyber attack are still mostly unknown.
In a statement, the U.S. National Security Council said that the U.S. was “determined to hold those responsible accountable.” Officials at the NSA report they are currently investigating the attack.
The U.S. Department of Homeland Security advises you not to pay the ransom, as there is no guarantee that your files and/or devices will be restored.
If you receive replies to messages you have not sent, warning emails about the deletion of your account, or a service you subscribe to starts sending fishy emails, you could have encountered a hacking attempt.
You can check out services such as “Have I Been Pwned”: enter your email address in the corresponding field, and the feature will tell you if you’ve been compromised.
Remember, your computer isn’t just vulnerable because it’s connected to the Internet; it’s also made vulnerable by your behavior.