Wednesday 28 June 2017

Petya ransomware cyber attack: Here’s what cyber security experts have to say



Petya ransomware has affected many computers and networks of some global firms in what is being seen as a massive cyber attack. The Petya cyber attack comes soon after the WannaCry ransomware attack, which had impacted over 300,000 computers worldwide, including those in India. With Petya, we know that one terminal in Mumbai’s Jawaharlal Nehru Port Trust is currently out of action thanks to the attack on Dutch firm AP Moller-Maersk. The shipping giant controls one of the terminals.


The full impact of the cyber attack is yet to be assessed. Here’s what cyber security experts have to say on the Petya attack.

Petya ransomware and why it poses a danger to India

For the Indian market, the Petya ransomware should come as worrying news given how dependent we are as a market on Windows XP. According to Saket Modi, CEO and Co-founder of technology firm Lucideus, it is high time that enterprises looked at the issue of security updates seriously.

“Considering the number of open vulnerabilities in operating systems, not due to the unavailability of patches released by OEMs, but due to the unwillingness of companies to push the latest OS patches across their IT infrastructures, such attacks will only keep growing. If you take WannaCry as an example, its exploit has been in public since January and its patch (that was a free of cost update) released by Microsoft in March. Even then most companies around the world didn’t upgrade their OS, and the result was WannaCry,” he said in an emailed statement.

He also points out that because the ransomware has impacted so many sectors across the world, this was not a targeted attack. According to him, over 50 per cent of Windows systems are still not patched across India, which is a worrisome figure. He says enterprises in India need to take cyber infrastructure seriously, because it will have a direct impact on their business.

Petya ransomware and need to invest in cyber security for enterprise firms


According to Matt Moynahan, CEO of security firm Forcepoint, “The latest ransomware attacks are demonstrating just how vulnerable critical infrastructure is by hitting railways, airports, hospitals and more. The lines between nation-state defense and commercial defense continue to blur.”

Forcepoint says the ransomware spread laterally within an organisation via a vulnerability in the Microsoft Windows system. This was similar to WannaCry. Both Petya and WannaCry exploit the EternalBlue vulnerability in Windows XP and other Microsoft Windows systems to carry out the attack. It should be noted that Microsoft sent out the patch for this back in March, 2016.


Forcepoint’s CEO says the attack shows how easily hackers can gain access to corporate infrastructure, and the motivation behind these attacks needs to be studied. “To address these new and evolving threats, we need to understand the intent and motivations behind them. If we do not invest in the cyber security of our critical infrastructure we will continue to see massive attacks with economic, employee and public safety ramifications,” says Moynahan.

Petya attack is more professional 

WannaCry ransomware came with a kill switch, which was discovered accidentally by a security researcher in the UK. But this time, the attackers have gotten better. In a blog post, F-Secure Security Advisor Sean Sullivan wrote, “WannaCry’s attackers failed because they couldn’t handle the amount of victims they created. But this Petya campaign, which is basically still in its first round, comes across as more professional and ready to cash in.” He says that amateur hour is over when it comes to global cyber attacks, which is not good news.

Don’t pay the Petya attackers


For those who are infected, the cyber security experts have only one piece of advice across the board: Don’t pay the hackers. Gemalto, which specialises in digital security, says consumers should not be paying the ransomware attackers.

“Because data is the new oil in the digital economy, ransomware attacks that restrict access to important data until the attacker is paid are becoming increasingly common. However, neither businesses nor individuals should pay ransoms to unlock any files that have been affected by a ransomware attack, as this incentivises and rewards these kinds of attacks,” said Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto in a statement.

He also says companies should encrypt and back up their data and store this backup away from the network where the rest of the data is stored. This will ensure access to files even in case of a ransomware attack.

Use an anti-virus system, keep it updated


Security firm Symantec says its Symantec Endpoint Protection (SEP) and Norton products can protect customers against the spread of Petya via the EternalBlue vulnerability. According to Symantec, products on version 20170627.009 also detect Petya components as Ransom.Petya. Petya has been present since 2016. It differs from regular ransomware in that it overwrites and encrypts the master boot record (MBR) of a system, thus locking the user out of the system.

Source: Indian Express
