Petya Ransomware Global Cyber Attack

Petya Ransomware Global Cyber Attack Spreads to Multiple Countries

The Petya cyber attack has struck Europe, the United States, the Middle East, and Australia. Affected countries include Spain, Germany, Israel, the UK, the Netherlands and the United States.

Affected Australian companies include Mondelez and Cadbury, as well as law firm DLA Piper. In Ukraine, which was the hardest hit so far, the Ukrainian National Bank, the state power company, the metro, and the main airport in Kiev are all affected by the Petya ransomware outbreak. Chernobyl’s radiation monitoring system is also affected. Affected European companies include WPP, A.P. Moller – Maersk shipping, Saint-Gobain in France, and Russian steel and oil firms Evraz and Rosneft.

A notice on the A.P. Moller – Maersk corporate website states:

We can confirm that on Tuesday 27 June, A.P. Moller – Maersk was hit, as part of a global cyber-attack named Petya, affecting multiple sites and select business units. We are responding to the situation to contain and limit the impact and uphold operations.

What is Petya ransomware?

Petya ransomware is malicious software, or malware, that locks a machine’s hard drive and files. The Petya ransomware demands a ransom of $300 in Bitcoin to return control of the computer to its owner. Petya not only locks personal computers, it also hacks point-of-sale devices such as gasoline pumps. Petya affects unpatched Microsoft Windows machines by exploiting a vulnerability known as EternalBlue. It is not possible to pay the ransom for the Petya ransomware cyber attack. The Petya ransomware uses one email address for its Bitcoin wallet. That email address has since been shut down by the email provider, so it can no longer receive payments.

What is EternalBlue?

EternalBlue, also called Eternal Blue, is a National Security Agency (NSA) hacking tool. It was released by the Shadow Brokers hacker group. EternalBlue was also the exploit used by the recent WannaCry ransomware attack. EternalBlue exploits a vulnerability in Microsoft’s Server Message Block (SMB) protocol, which accepts specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer. The Shadow Brokers have released NSA exploits, including those that target enterprise firewalls, anti-virus products, and Microsoft products.

What are Ransomware attacks?

Ransomware is a form of malware that takes control of a computer or network. Generally, ransomware is spread through emails, but it is possible to infect a computer via a worm. Ransomware demands payment to return control of the infected computer. The most recent global ransomware attack was WannaCry, which infected hundreds of thousands of machines, including the British National Healthcare System. WannaCry also demanded $300 in Bitcoin as ransom.