Latest Petya ransomware attack could be worse than its predecessor

SINGAPORE — The latest ransomware attack to hit organisations around the world has the potential to wreak even greater havoc than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.

A screen of an idle virus affected cash machine in a state-run OshchadBank says "Sorry for inconvenience/Under repair" in Kiev, Ukraine. Photo: AP


Petya, a type of ransomware that first surfaced last year, holds the entire operating system of the computer hostage, whereas WannaCry - also known as WannaCryptor - only encrypts data files.

"With WannaCry, users can still use their computers, it's just that they cannot access certain files. But if you're hit by Petya, the whole computer cannot be used," said cyber security expert Mr Anthony Lim, director of Cloud Security Alliance. This makes it more difficult for businesses to get their systems back up and running, experts said.

Some experts have also noted that the Petya malware appears to target companies, rather than consumers, as it is designed to encrypt file extensions typically found in an enterprise environment.

Companies with affected computers will likely have to reformat their hard disks and they can recover their files only if they were backed up, Mr Lim said. Businesses would also have to acquire new Windows licences. "Simply put, this is almost total destruction," said Mr Lim.

Petya can infect computers running on Windows even if they have been patched. "It only takes one unpatched computer to get inside the network and, with administrator rights, Petya can spread to all other computers," said Mr Nick FitzGerald, a senior research fellow at security software firm ESET. Mr FitzGerald added that Petya has the ability to spread through a local area network more thoroughly than WannaCry.

So far, no antidote has been found. "When WannaCryptor was discovered, researchers found bugs and even a kill switch, which indicated that the attacks were the work of an amateur. With the Petya malware, its execution displays a greater level of professionalism with no obvious killswitch being discovered," Mr FitzGerald said.

During the WannaCry attack, a kill switch was discovered by a malware analysis expert, and once this was triggered, the attack was stopped.

Petya can also affect newer Microsoft operating systems, while WannaCry was limited to older ones.

Adding that the threat posed by Petya was "far greater" than WannaCry, Mr Bill Taylor-Mountford, Vice President (Asia Pacific & Japan) of security intelligence firm LogRhythm, said: "WannaCry targeted a vulnerability that existed in the 1990s and only legacy systems were affected."

Mr Nick Savvides from Symantec Asia Pacific and Japan said that apart from emails, Petya can also spread inside networks via other mechanisms such as PSExec, which allows users to execute processes on other systems without having to manually install client software, for instance.

Mr Savvides noted that while the ransomware attack started in eastern Europe, it has quickly spread across the world.

Manufacturing firms, which are highly concentrated in Asia, are "particularly at risk as most do not apply updates and patches to their industrial computers as swiftly as corporate entities", he said. "This makes them especially vulnerable to rapid infections and complete shutdowns."

How to protect your I.T. systems

SingCert advises all users and companies with affected systems to ensure that their Windows-based systems are fully patched. Download the regular patches that Microsoft provides.

Users should ensure that their anti-virus software is updated with the latest malware definitions.

Users should perform file back-ups and store them offline in case they need to restore their systems following an attack.

Have a business continuity plan in place. This should identify the most critical functions that should be restored first, with limited resources following an attack.

Do not click on anything suspicious. Some phishing emails can unleash malware in your computer.
