Yes, it is official. There is another ransomware. It is another offshoot of the infamous WannaCry malware. It uses the same vulnerability. To top it all, Microsoft had issued patches for WannaCry. Even after such a serious threat, it seems people have still not updated their machines.
This time around, the malware’s impact was also felt in India. While the infection was not widespread (as per Symantec, it hit less than 20 organisations in India), and yet it managed to make news, as one of those hit was shipping behemoth Maersk, which ended up crippling our very own JNPT.
This time around, one of the worst-hit victims was Ukraine. This will no doubt bring a sarcastic smile upon the lips of many system administrators, as the country is infamous for being home to Canadain Pharmacy and other such spam hosts. Hope this will persuade the government to finally crack down on these malcontents.
However, if NATO is to believed, there is a much more sinister angle behind this attack. A CNBC report quotes the Military alliance’s claim that a ‘state actor’ was behind the attack.
“The operation was not too complex, but still complex and expensive enough to have been prepared and executed by unaffiliated hackers for the sake of practice. Cyber criminals are not behind this either, as the method for collecting the ransom was so poorly designed that the ransom would probably not even cover the cost of the operation,” said NATO’s Cooperative Cyber Defence Centre of Excellence (CCD COE) in a press release.
As the world is getting increasingly digitised, the Internet is fast turning into a jungle and a battlefield. As well as the usual suspects like spammers and scammers, states are also increasingly indulging in using malware as a spying/disruption tool.
The first such major attack first came to light in 2005. Dubbed Titan Rain, it was Chinese in origin and targeted several US defence systems. One of the most news-worthy attacks came allegedly via Iran. A worm called Stuxnet, allegedly Israeli in origin, managed to deal a crippling blow to Iranian nuclear programme.
PS: A report by Kaspersky states that the version of Petya seen in this cyberattack may appear like your standarad ransomware. In reality, it is a disk wiper. In other words, if you are infected, you can safely say goodbye to that data.
As per Kaspersky experts, it generates random infection ID for each computer. In simple terms, this ransomware infection may be without a decryption key, even if you pay up the ransom.
Strictly speaking, it may not be a disk wiper, but with no access to data, it is as good as one.
