Petya Ransomware

A new form of ransomware similar to WannaCry is affecting businesses and organizations around the world. Starting in Ukraine, a strain of Petya ransomware has spread to France, the UK, Russia, Norway, Ukraine, India, and the US.

As of 4:30 GMT, major corporations such as Mondelez International (Cadbury, Nabisco, Oreo, etc.), Maersk (the world’s largest shipping line), and Merck (pharmaceuticals) have all been hit by the attack. There are also reports of airports, banks, and metro systems being affected.

Petya spreads similarly to WannaCry. Once a computer is infected, the user is presented with a black screen and red text demanding a $300 ransom to unlock the computer. Unlike WannaCry, however, the Petya variation does not encrypt individual files but instead overwrites the master boot record (MBR) and encrypts the master file table (MFT). This leaves the computer unable to boot, essentially leaving it useless.

The virus spreads at an alarming rate, with employees from Mondelez saying that since its first appearance at noon it has successfully taken down their offices in Poland, England, France, Spain, and Switzerland.

It has also been reported that the nuclear plant in Chernobyl has been affected by Petya.

At the moment, Ukraine and Russia have been the hardest hit. However, it is still early in the US, and there is no telling how many more organizations can be affected.

Companies should be sure all their computers are patched and be wary of any suspicious emails.

[UPDATE]

The email account connected to the Bitcoin account associated with Petya has been closed by its email provider. This means that even if a user pays the ransom, they will not be able to restore their computer, as the hackers cannot receive mail.

For information on how you can train your users not to click on malicious emails that can carry ransomware and viruses, visit our sister site at PhishingUserTraining.com.
