Petya cyber attack: What’s going on with the latest ransomware virus? – ABC News (Australian Broadcasting Corporation)
Could you be affected? Here’s what we know so far.
How did it start?
The attack first shut down operations in Russia — including at Russia’s biggest oil company — and Ukraine before spreading to computers in Romania, the Netherlands, Norway, France, Spain, and Britain.
In a matter of hours, the attack had gone global, hitting the US and India.
Now, it’s also understood some businesses in Australia — including the Cadbury chocolate factory in Hobart — are also affected.
- The attack first shut down operations in Russia and Ukraine before going global
- Experts are scrambling to determine the scope and impact of the attacks
- It is believed the latest attack might be a ransomware virus called Petya
How does it work?
It’s believed the latest attack might be a ransomware virus called Petya, hidden in an innocuous document sent through email.
It freezes a user’s computer until a “ransom” is paid in the virtual currency bitcoin.
The director of the Australian Centre for Cyber Security at UNSW, Professor Jill Slay, said the attack seemed to be in Europe, Russia and reaching the US.
“It spreads apparently by having a ‘bad’ instruction — like a small piece of computer code — hidden inside a Word or PDF document,” Professor Slay said.
“This bad instruction attacks a Windows operating system basically taking over a computer — in this case it seizes the files and encrypts them and then the bad guys ask for money to decrypt — this means you cannot open or read your own files.”
It has also been suggested that it used the same tactics as the WannaCry attack last month.
Who started it and how can we trace them?
The source is still unknown.
And even if people pay a ransom through bitcoin, it’s virtually untraceable.
“It is being suggested that the roots of this are in the Ukraine,” Professor Slay said.
“This is the kind of issue that investigators have determined from the fact that original accompanying emails are written in Russian and Ukrainian.
“However, attribution is always difficult.”
Companies and government agencies confirmed to be affected:
- Merck: second-largest drug maker in the United States, based in New Jersey
- Rosneft: Russia’s largest oil company, partly state-owned
- Ukraine: power grid, banks, government offices and international airport
- TNT Express: Netherlands-based transport company
- AP Moller-Maersk: oil and shipping company based in Copenhagen, Denmark
- Mondelez International: US food and drinks company based in New Jersey
- DLA Piper: global law firm based in US and UK
- Heritage Valley Health System: hospital and health care system near Pennsylvania
- WPP: advertising company based in London
Will this latest attack have ramifications for businesses and should they pay the ransom?
Professor Slay said it remained to be seen whether they should pay up.
“We don’t know whether they really do decrypt if the price is paid,” she said.
She said even if they haven’t been hacked, businesses should do the due diligence and be prepared.
“They should update all Windows systems if not updated and make sure all critical files are backed up,” she said.
“Businesses should also have a look at control systems which may not get fast updates since this virus seems to be attacking control systems [electricity, transport etc].”
Should regular South Africans be worried and are they at risk?
They could be.
South African computer users should make sure they:
- Back up files
- Turn on Microsoft updates
- Take special care not to open emails with PDF or Word attachments if they are not expecting them or if they do not know the sender
What is the first sign you might have been hacked?
“I think it is an email asking for ransom and inability to open files or systems seizing up,” Professor Slay said.
Will turning your computer off quickly stop the hackers from accessing your information?
Professor Slay said this was unlikely to protect you.
“I would think not, once the attachment is open — if this is really the only way it is being spread — then it will work very quickly,” she said.
“Just be really careful to back up, update Windows and applications, do not open unexpected attachments to emails — this is what we should be doing anyway — and install antivirus software if you do not have it already.”
But there is a school of thought that the sooner you turn off your computer the better, as your files might not be encrypted yet.
What’s the Government saying about it?
ABC News spoke to the Minister Assisting the Prime Minister, Dan Tehan, about the cyber attack.