“Petya” cyberattack: what the experts say
Systems paralysed
Just weeks after the Wannacry ransomware virus caused chaos across the globe, some of the world’s biggest companies have been hit by a second huge cyberattack, said The Daily Telegraph. The “Petya” attack is believed to have started in Ukraine, where it “paralysed” the central bank and other government departments, and brought Kiev airport and the metro network to a standstill on Tuesday, before quickly spreading across Europe. Among the bluechips affected were the world’s largest ad group WPP, the global law firm DLA Piper, the Dutch pharma Merck, the Danish shipping firm Maersk, and the Russian oil giant Rosneft.
Worse than Wannacry?
The scam operates in a similar fashion to Wannacry: “infected computers display a message demanding a Bitcoin ransom of $300”, said The Guardian. But security experts warned that the fallout could be worse, since there is “no kill switch” in the Petya ransomware – dispelling hopes that a “quick fix” could stop the attack. The virus also inflicts more damage on affected devices, targeting the hard drive rather than individual files. “This could rampage for months,” Beau Woods of the US Cyber Statecraft Initiative told the FT – with “more severe implications” than Wannacry, because the virus is structured to spread more quickly and run on several different versions of Windows. The attackers appear to be using multiple ways to enter systems, including phishing emails and the same “Eternalblue” exploit – a vulnerability discovered by, and stolen from, the US National Security Agency – that Wannacry used. The difference, said Eric Chien of Symantec, is that Petya’s perpetrators seem “more professional”.
How should we respond?
Defence Secretary Michael Fallon said this week that the UK is prepared to retaliate against future cyberattacks using military force such as missiles, noted The Times. That seems fanciful, not least because the perpetrators of this attack are unknown. US and UK analysts believe that the Wannacry attack may have been carried out by North Korea, but there is no evidence so far that the same group of hackers is involved this time, said the FT. The best advice for companies is to “patch, back up and have a ransomware policy”. This threat is not going away.