Petya Ransomware Spreading Fast Across the Globe!

News  has broken revealing that firms around the globe have been hit by a major cyber-attack. Ukrainian companies, including many banks and the state power distributor was the first to report issues, but it is spreading rapidly and has now hit organisations across the globe.

Amichai Shulman, co-founder and CTO at Imperva, said: "At the end of the day, all Ransomware is basically the same. Hackers, via the ransomware, are making files unavailable to users and as a consequence disrupt operations. As long as the infection and effect of the Ransomware is constrained to end points, the damage to organisations should be minimal. That is key.

"Some might say – why after WannaCry are systems still unpatched? The issue of patching is irrelevant when looking at a potentially self-replicating malware like Petya because in any large network there will be some unpatched devices. By protecting file servers (e.g. deploying File Firewall solutions) rather than focusing on endpoints, organisations can minimise the effect of such incident and avoid disruption to business.

"One interesting aspect of Petya is clearly attribution. As demonstrated by WannaCry, rapidly replicating Ransomware is not a viable financial model. This data supports the argument that this malware is nation state driven and is only aimed at disrupting operations rather than monetising on the ransom."

Ryan Wilk, director at NuData Security, added: “Last month’s WannaCry attack likely emboldened cybercriminals worldwide. Today’s outbreak is another example of how pervasive the malware problem has become. There is a definite need for a multi-layered approach, that includes employee education about unusual links, what phishing emails look like and the concern for social engineering.

"There is the organisational need to stay up to date with patches, routine backups and impermeable barriers to entry. Finally there is the design need to build systems from the ground up that protects users and data through multi-factor authentication that includes passive biometrics and behavioural analytics.

"Behaviour-based authentication can vastly increase security of automated attacks and account takeovers. This rising trend must be countered with proactive measures to ensure ransomware and ransomware-as-a-service become ineffective."

Paul Fletcher, cybersecurity evangelist at Alert Logic, noted: "At this point, all indications point to a successful distribution of an updated version of the Petya ransomware.  It seems that the update to this ransomware is the use of SMB vulnerabilities to spread (similar to WannaCry via the NSA leak). The attackers are requesting 300 dollars in bitcoin and have collected over 4,000 dollars at this point."

Also Read

Stay in the know with our newsletter