Petya:Latest malware attack

A fast-spreading computer virus that ravaged data systems in Europe and the United States earlier this week has again raised questions about whether United States businesses and organizations are prepared for cyber threats.

The new attack came just a month after the massive “Wanna Cry” ransomware campaign that infected computers across the world using tools believed to have been stolen from the NSA.

Ransomware traditionally renders a system unusable and encrypts data, then requires victims to pay money or perform another action to regain access. “But a growing number of security researchers believe that the new malware merely posed as ransomware to cover up its real goal of destroying data, some concluding that Ukraine was the ultimate target.”

The new variant of “Petya,” which has been given several names by cybersecurity experts, first hit Ukraine on Tuesday. The attack spread to the country’s government, banking industry, and the international airport in Kiev. It also affected Russia’s largest oil company.

The virus locks users out of their computers and demands a bitcoin ransom worth $300. But as the virus spread, it quickly became clear that paying the ransom would not recover the files, leading some researchers to conclude that it was in fact a “wiper” — an attack meant to destroy data.

The Petya outbreak is the second ransomware campaign to produce global shockwaves in less than two months. Wanna Cry, which broke out in mid-May, infected thousands of machines in over 150 countries.

Cybersecurity firm Symantec has tied Wanna Cry to a hacker group associated with North Korea.

The viruses both rely on an exploit called “Eternal Blue” that is widely believed to have been developed by the National Security Agency. The hacking tool, which leverages a software vulnerability in Microsoft Windows, was released by the anonymous ShadowBrokers group earlier this year.

The latest attack’s spread has slowed down for now.here is widespread agreement in the security community that global businesses need to step up securing and defending their networks, since these types of attacks are expected to continue.

A fast-spreading computer virus that ravaged data systems in Europe and the United States earlier this week has again raised questions about whether United States businesses and organizations are prepared for cyber threats.

The new attack came just a month after the massive “Wanna Cry” ransomware campaign that infected computers across the world using tools believed to have been stolen from the NSA.

Ransomware traditionally renders a system unusable and encrypts data, then requires victims to pay money or perform another action to regain access. “But a growing number of security researchers believe that the new malware merely posed as ransomware to cover up its real goal of destroying data, some concluding that Ukraine was the ultimate target.”

“We believe that this was an intentionally destructive attack against the Ukrainian economy,” said Charles Carmakal, vice president at Mandiant, a subsidiary of the cybersecurity firm FireEye. “An attack like this will inevitably happen in the United States.”

The new variant of “Petya,” which has been given several names by cybersecurity experts, first hit Ukraine on Tuesday. The attack spread to the country’s government, banking industry, and the international airport in Kiev. It also affected Russia’s largest oil company, Rosneft.
There is widespread agreement in the security community that global businesses need to step up securing and defending their networks, since these types of attacks are expected to continue.

“It’s a lot of lessons that haven’t been learned from Wanna Cry,” “A lot of unpatched machines, a lot of machines without updates.”

Point is, this is going to happen again . “We have seen new variants of ransomware spread every two to three days for the last 18 months — and that’s just ransomware.”

Source: Google