Pune: The author of the ransomware Petya, which surfaced in 2016, has released the malware's key in the form of an encrypted file. According to cyber security experts, the mysterious author of Petya, who operates under the name Janus Cyber Crime Solutions, released the master decryption key a fortnight ago in the wake of another variant, ‘Not Petya’, which has shaken the cyber security as well as political and civil spheres across the world.
The largest container port of India, the Jawaharlal Nehru Port Trust (JNPT), was also attacked by the malware ‘Not Petya’. Maritime conglomerate Maersk Group confirmed that its entity AP Moller-Maersk at the JNPT was attacked by ‘Not Petya’, which resulted in the shutdown of its sites and affected its operations.
The malware attack took place across the world and shut down the systems of large organisations, including supermarkets in Ukraine, Cadbury chocolate factories in Australia and a few banks in Europe.
Cyber security experts working with the National Technical Research Organisation (NTRO), Delhi, however, claimed that the mysterious author of Petya has released the keys in the wake of ‘Not Petya’, as they don’t want to get blamed for the havoc created by ‘Not Petya’ across the world.
Nobody has yet found the real identity of Janus Cyber Crime Solutions, the original author of ‘Petya’, which borrowed its name from the James Bond movie ‘GoldenEye’, or the identity of the author of ‘Not Petya’.
However, experts don’t rule out the hand of the Russian Business Network (RBN) behind these attacks. RBN is a cyber crime organisation operated by the Russian mafia and based in St Petersburg; it deals in ransomware, phishing, child pornography and other crimes.
Ajit Hatti, Pune-based cyber security expert and head of security research and development of Payatu Labs, said, “Petya is a family of malware, which surfaced last year affecting the boot sector of Windows machines and stopped them from booting. This year, we see a more deadly version of it, referred to as ‘Not Petya’, which has shaken the world and is a matter of concern as it is using the ‘Eternal Blue’ exploit as a vector to spread over the Internet, which was developed by the National Security Agency of America (NSA).”
Hatti said the code of Eternal Blue was stolen and made public in a hack by the Shadow Brokers Group. The reason for the shake-up is the ethical discussion that the government, which manufactures cyber weapons to use against other states and criminals, doesn’t realise that if these weapons get into the wrong hands, they can be used against the government itself and its own citizens. Regular attacks on the CIA and the NSA, which are apex security organisations of the USA, have proved that nothing is safe in the world. It raises a question: Should we still continue with our quest of developing deadly cyber weapons?
People are advised to stay safe: do not click untrusted links, do not install untrusted software, update the OS to Windows 8.1 or above, and use genuine software and anti-virus.
Niranjan Reddy, another cyber crime expert working with government agencies, said, “Around four companies have been attacked by Petya in Pune and Mumbai. Its author has, however, released the keys. But the solution has not been found for ‘Not Petya’. People should take care while opening unknown attachments, stop visiting infected websites, which automatically deliver malware, and should avoid using unknown USBs.”
A high-ranking police official of the Cyber Crime Cell, Pune, on condition of anonymity, said, “We are not aware of the release of keys, but it is a good thing. However, people should take care while clicking on unknown links as the new malware is more dangerous.”