Petya ransomware attack: What you need to know


Companies across the UK, Europe and the US have been hit by a ransomware attack known as ‘Petya’, also referred to as Petrwrap.

The malicious software, the second in as many months, has caused havoc across a wide range of firms including Cadbury’s chocolate factory in Hobart (Peterborough), UK advertising giant WPP, international law firm DLA Piper and Danish shipping and transport firm Maersk.

As with WannaCry, the notorious strain of ransomware that ravaged the NHS, Petya is blocking users’ computers, encrypting files and demanding a ransom of $300 in bitcoin in exchange for unlocking a device.

Once the ransom has been paid, users are asked to send a confirmation to an email address. According to a blog post, that address has now been shut down by the email provider, meaning that there is no longer a way for people who pay the ransom to contact the attacker for a decryption key.

Over in the UK, Dave Palmer, director of technology at Darktrace, a cybersecurity firm with offices in London and Cambridge, commented on how the high-speed attack had caught many companies across the globe off-guard – despite recent government warnings about the rise in ransomware attacks.

“The recent WannaCry attack was an enormous wake-up call regarding ransomware and many digital defences were updated to stop that attack. Yet days later, an only slightly different attack has slipped past defences to wreak havoc.”

“We must retire the idea that traditional defences focussed on yesterday’s known attacks offer anything but rudimentary protection,” he added.

Darktrace, founded by machine learning and operational government intelligence experts, has so far raised a staggering $104.5m from investors and produced a series of cyber solutions based on Bayesian mathematics developed at the University of Cambridge.

The company’s proprietary ‘Enterprise Immune System Technology’ is credited with addressing the challenge of insider threat and advanced cyber attacks by detecting previously unidentified threats in real time.

“The latest advances in AI mean that smart technology can now detect and fight back against any in-progress attacks within a company network, buying the security teams time to respond. This class of technology truly delivers on the promise of AI in cyber defence and is the only realistic way that security teams will scale to the increased speed and diversity of future attacks,” Palmer claimed.

Where did it come from?

Petya and WannaCry were allegedly created using hacking tools developed by the US National Security Agency (NSA) and leaked publicly by Shadow Brokers, a group of hackers.

It’s not yet clear what the initial attack vector was, but it’s believed that once the worm penetrates a system, it can spread across computer networks via a vulnerability in Microsoft’s SMB version 1 (SMBv1) protocol.

Petya has now been propagating for almost 24 hours and, according to reports, it has made approximately $20,000 less than WannaCry did last month, at bitcoin’s current price.

Dr. Jamie Graves, CEO of Edinburgh-based cybersecurity startup ZoneFox, spoke about the nature of the attack: “This is further confirmation that we now live in a world where nation-state sponsored cyber-attacks are becoming as routine as ‘real-world’ incidents.

“This latest attack reminds us of two crucial facts regarding the current state of cybersecurity: that attackers now have access – regardless of whether they are state-sponsored or independent – to military-grade cyber weaponry, hence the fact that the attacks are so successful. Secondly, that digital data is directly linked to physical assets; it’s not just computer systems shutting down, it’s energy grids losing power, ships stopping in their tracks and people not being able to access their money.

“If you don’t have adequate security in place and a seriously security-conscious culture, you’re going to get a free penetration test to show just how vulnerable your organisation really is.”

It is possible for businesses of all shapes and sizes to protect themselves against this kind of attack, but the debate over whether it is sensible to pay the ransom that cyber criminals usually request rages on.

Generally speaking, many commentators have long argued that people should refrain from paying the ransom as there are no guarantees that the perpetrator(s) will decrypt the files. Additionally, giving in to the attacker’s requests only serves to encourage them to potentially unleash future attacks.

Cybersecurity is inherently a dynamic industry, and with the situation still unfolding, it’s obvious that IT departments across the country need to tackle issues head-on. With the prominence of data and increased connectivity, it’s imperative that firms protect themselves, and their customers, from ongoing cyber threats, but much more needs to be done. So, watch this space.