Short Note: Petya Ransomware Cyberattack
The Petya ransomware cyberattack crippled computer servers across the world, locking up computer data. Ukraine and Russia are the worst-affected countries. The attack has also crippled some computers in the US and Western Europe.
What is Petya Ransomware?
Petya is ransomware similar to that used in the WannaCry attack. It is thought to be a variant of Petya.A, Petya.D, or PetrWrap. Petya was also found to use the EternalBlue exploit that the WannaCry attack used. The WannaCry cyberattack had crippled more than 300,000 computers globally.
The Petya ransomware, like WannaCry, locked up the computer's files and encrypted all data on the computer. It then demanded $300 in Bitcoin as ransom to unlock the encrypted data. Once the ransomware infects a system, it waits for an hour and then begins rebooting the system. After the reboot, the files are encrypted and the user is asked to pay the ransom.
The Petya ransomware attack is believed to have originated from an update to third-party Ukrainian software called MeDoc. The software was being used by many government organisations in Ukraine, which explains why Ukraine was the most affected country. The ransomware has been labelled the most comprehensive cyberattack. Microsoft had issued a security patch for the Windows flaw that the ‘EternalBlue’ exploit targets.
Who is behind the Petya cyberattack? Who was affected?
Researchers are yet to identify the persons behind the cyberattack. In Ukraine, Ukrainian Railways, Ukrtelecom, and the Chernobyl power plant were worst affected by the attack. Apart from these, multinational companies such as DLA Piper, shipping giant AP Moller-Maersk, drugmaker Merck, and Mondelez International were affected. In the US, hospitals were affected. In India, the Jawaharlal Nehru Port (JNPT) was affected by the cyberattack. JNPT has the capacity to handle over 1.8 million standard container units. Russia, Poland, Italy and Germany are other countries affected by the cyberattack.
CERT-In (Indian Computer Emergency Response Team)
- CERT-In functions under the Ministry of Information and Communication Technology.
- CERT-In was established in January 2004.
- The main function of CERT-In is to provide early security warning and effective incident response.
- It is aimed at catering to the needs of critical sectors, law enforcement & judiciary and e-governance project owners.
- In the Information Technology (Amendment) Act 2008, CERT-In has been designated to perform the following functions in the area of cyber security:
  - Collection, analysis and dissemination of information on cyber incidents
  - Forecast and alerts of cyber security incidents
  - Emergency measures for handling cyber security incidents
  - Coordination of cyber incident response activities
  - Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents