The recent Petya ransomware tragedy that struck computer systems worldwide is the second-largest cyber-attack after the WannaCry ransomware that hit the world last month.
The recent attack hit many countries, locking up PCs and crippling enterprise services. Ukraine and Russia were identified among the worst affected countries.
Based on the findings of security firm Kaspersky, the ransomware could possibly be a variant of Petya.D, Petya.A, or PetrWrap. Although it spread widely, just like WannaCry, it is not a variant of WannaCry.
The Petya ransomware locks a computer’s files, displays a message and demands a ransom in return.
The attack reportedly started through an update to a third-party Ukrainian software package known as MeDoc. The software was used by many organizations in the country, which is identified as the primary reason Ukraine was so heavily affected.
In Ukraine, government offices, banks, energy companies, cash machines, gas stations, railways, Chernobyl power and supermarkets were all impacted.
Many multinationals, such as law firm DLA Piper, Mondelez International, Merck and shipping giant AP Moller-Maersk, were also impacted.
Per Kaspersky, 60 percent of the attacks hit Ukraine, while 30 percent were in Russia.
The ransomware reportedly used the EternalBlue exploit, which targets a software vulnerability in Microsoft’s Windows, just as the WannaCry attack did. The tech giant had issued a security update for it on March 14th, before the ransomware attack, so those who had updated their systems were spared while others had to pay the cost.
The lack of proper security measures and the failure to keep systems updated are supposedly the major reasons behind the attacks.
Although security agencies and cyber-police have not been able to find a way to decrypt the files, they have asked users to be more aware of the ransomware and its effects.
If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
— Hacker Fantastic (@hackerfantastic) June 27, 2017
Recent updates on the attack revealed that the attackers were hardly able to collect any ransom. Some reports suggest that rather than being ransomware, it was a wiper whose primary aim was to cause destruction.
With global cyber-attacks crippling the backbone of many countries, one is left in doubt whether these are deliberate attacks by cyber criminals to extort money or whether there is some sinister ulterior motive behind all these attacks.