Petya is the name of the new worldwide threat that hit a lot of organization all across Europe and US. It spread through several large firms. Here we have a few examples: the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk.
This is not the first example of cyberattack this year as WannaCry infected, in early May, a huge amount of devices including Britain’s National Health Service. Data concerning this hack are alarming: it affected more than 230,000 computers in over 150 countries, with the NHS, Spanish phone company Telefónica and German state railways among those hardest hit.
Like WannaCry, “Petya” spreads rapidly through networks that use Microsoft Windows. Why is it happening and how can we stop this event?
How does Petya work?
When a malware like these infects a computer, it encrypts data and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files.
This ransomware, specifically, takes over a computer and asks for $300, in Bitcoin, to have data back. It’s very easy for it to spread because of the EternalBlue vulnerability in Microsoft Windows or through a couple of Windows administrative tools. Basically, once a device is infected there’s no way to stop the virus inside the organization. First of all it tries one way, and if it doesn’t work it goes the other. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.
Why the name “Petya”?
This malware seems to share a big part of its code with an older one called this way. Later, after an accurate analysis, security researchers found out this similarity is quite superficial. Immediately some researchers, who noticed this malware, named it in different ways.
Where did it start?
Apparently Petya seems to come from a software update mechanism inside a specific software used in Ukraine. This is the explanation for the huge number of Ukrainian organizations affected by the virus. Who did it hit in Ukraine? This malware took offline the government, banks, Kiev’s airport and metro system, even Chernobyl monitoring system.
What’s the main difference with WannaCry?
This malware grows inside networks, internally. On the other hand Wannacry seeded itself externally and fortunately this element limited Petya’s spread.
Is there any protection?
This recent cyberattack seems to demonstrate that no one is safe ( Unicredit hack ). That no matter how much effort you put into it, you will still be vulnerable. In order to assure to your business the best tool available, Swascan developed a special cybersecurity platform. It is completely in Cloud, Pay per Use and SaaS. You can see for yourself in our brochure: Cybersecurity platform and have an in-depth look at our services. Our three services cover all the governance needs in terms of risk management and periodic assessment. Basically, if you need to understand the areas in which your efforts must focus, Vulnerability Assessment, Network Scan and Code Review are the right tools for you. Last but not least, don’t forget GDPR: our platform is 100% GDPR compliant ( GDPR infographic ).