Petya ransomware found affecting gateway terminal at Jawaharlal Nehru Port Trust and major businesses across Europe, the US and Asia
Petya ransomware has infected a private terminal operated by Maersk at JNPT. The disruption is part of a global attack, and the facility is unable to load or unload shipments. Like last month's WannaCry, the ransomware demands ransom in the form of bitcoin.
A new ransomware dubbed 'Petya' has been found damaging major businesses across Europe and the United States. The cyberattack comes in the wake of last month's WannaCry, and victims are reportedly unable to unlock their computers even after paying the ransom.
This new attack was first reported in Ukraine, and has disrupted major businesses including government organisations, banks, state power utilities, airport and metro systems. The ransomware is reportedly infecting all Windows servers, PCs and laptops. The attack also hit Chernobyl's radiation monitoring system, forcing employees to use hand-held monitors instead. Affected businesses include France's Saint-Gobain, Russia's Evraz and Rosneft, and advertising giant WPP. Other major companies that were hit include legal firm DLA Piper, container shipping company Maersk Line, and Pittsburgh-based Heritage Valley Health System. Affected firms are asking their employees to not turn on their systems or access network-connected devices.
New #ransomware spreading through SMB… It's #rebooting OS and encrypting files. Any idea which one it is? pic.twitter.com/DaEyqIKBvH
— Ankit singh (@ankit5934) June 27, 2017
The ransomware, initially found infecting computers in Europe and the US, has now made its way to Asia. The Petya ransomware has now affected a private terminal operated by A.P. Moller-Maersk at Jawaharlal Nehru Port Trust in Mumbai. Bloomberg reports that the facility, called 'Gateway Terminal India', is unable to load or unload shipments. The shipping ministry has issued a statement that the disruption is a consequence of the global outage faced by Maersk Line. The cyberthreat has also been found spreading to China, but there has been no large-scale attack, says Zheng Wenbin, chief security engineer at Qihoo 360 Technology Co.
The computers affected by Petya are displaying a message demanding a ransom of $300 in the form of Bitcoin. The attackers demand that users of affected computers send payment confirmation to an email address, which has been shut by the email provider. "We do not tolerate any misuse of our platform," German email provider Posteo said in a blog post.
Mikko Hypponen, Chief Research Officer at F-Secure, says that the original Petya ransomware was developed by Janus Cybercrime Solutions in late 2015. However, the spreading mechanism and the origin of this Petya ransomware remain unknown.
Many organisations worldwide affected right now by a new variant of the Petya ransom trojan. Spreading mechanism unknown at the time.
— Mikko Hypponen (@mikko) June 27, 2017
Last month's WannaCry or WannaCrypt ransomware affected more than 2 lakh computers in over 150 countries. Symantec's threat analyst says Petya, or Petrwrap, also uses SMB to exploit Windows devices, but it doesn't seem to have originated via email. Analysts at Kaspersky Lab claim that this new cyberattack is not a variant of Petya, but a new ransomware that has not been seen before. Since the attack originated from Ukraine and targeted state-level organisations, there is a growing suspicion that Russia might be behind this ransomware.
The Petya ransomware is now expected to spread further due to the lack of a global kill switch. The number of infected computers and servers is expected to rise as more unpatched systems are exposed to this vulnerability.