Petya Ransomware - The new trouble in town!

A massive cyberattack swept across computer systems worldwide this week, spanning Europe, the Middle East, and the United States and affecting a variety of companies, from banking institutions to airlines to hospitals. The outbreak comes just weeks after the WannaCry attack that hit at least 150 countries. The global Petya virus has “significantly affected” the worldwide operations of TNT Express, a subsidiary of FedEx that’s based in the Netherlands. Both the domestic and international shipping.

The virus that began spreading through European computer systems yesterday informed users that they could unlock their machines by paying a $300 ransom. But it looks like the program’s creators had no intention of restoring the machines at all. In fact, a new analysis reveals they couldn't have: the virus was designed to wipe computers outright.

Matt Suiche, founder of the cybersecurity firm Comae, writes in a blog post today that after analyzing the virus, known as Petya, his team determined that it was a “wiper,” not ransomware. “We can see the current version of Petya clearly got rewritten to be a wiper and not an actual ransomware,” Suiche writes.


The virus going around is a modified take on an earlier version of the Petya virus that was true ransomware. But Comae found that the code had been deliberately altered, turning it from a virus that encrypts a disk and demands a ransom for the key into one that simply destroys the disk, leaving nothing for a ransom payment to recover.


So then why purport to be ransomware? There’s no way to say for certain right now, but Suiche believes it was about hiding who was really behind the attack. “We believe the ransomware was in fact a lure to control the media narrative,” he writes, saying that ransomware suggests “some mysterious hacker group” being behind the virus “rather than a national state.”


That’s still speculation for now, but the virus did appear to primarily target Ukrainian infrastructure, including an electricity supplier, the central bank, the state telecom, and an airport. Analysis from Kaspersky Lab yesterday showed infections concentrated primarily in Ukraine.

This is a call for companies in Africa, and in Nigeria especially, to install the available security patches on their systems, starting with the SMBv1 fix in Microsoft’s MS17-010 bulletin, which closes the exploit path that both WannaCry and this Petya variant use to spread between unpatched machines. Patching alone is not the whole answer: this variant also moves laterally with credentials harvested from infected hosts, so a single compromised machine with domain admin rights can still infect fully patched neighbours. Disabling SMBv1 where it is not needed, limiting where administrative accounts log in, and keeping antivirus and anti-malware software updated regularly are needed alongside the patch to fight against such attacks.
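As an added example (not part of the original post), the following PowerShell audit checks a Windows host for the MS17-010 security updates and for SMBv1 exposure, and includes a remediation function to switch the SMBv1 server off. The KB numbers are the March 2017 MS17-010 updates listed per operating system in Microsoft’s bulletin (plus the May 2017 out-of-band update for older systems); the function names are this example’s own.

```powershell
# Added example: audit a Windows host for the MS17-010 fix and SMBv1 exposure.
# Run in an elevated PowerShell session.

# MS17-010 security updates by OS. Later cumulative updates supersede these,
# so on a host that receives monthly rollups Get-HotFix may not list them even
# though the SMB fix is present. Treat "no KB found" as "verify manually",
# not as proof the host is vulnerable.
$Ms17010Kbs = @(
    'KB4012598',                            # Vista / Server 2008; also XP / Server 2003 (May 2017 out-of-band)
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012214', 'KB4012217',               # Windows Server 2012
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607 (1607 also covers Server 2016)
)

function Test-Ms17010Hotfix {
    # Returns which of the known MS17-010 KBs are installed on this host.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $found = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Ms17010KbFound = ($found.Count -gt 0)
        MatchingKbs    = ($found -join ', ')
    }
}

function Get-Smb1Status {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
    # on older systems the cmdlet is missing and the status is reported as unknown.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -eq $cfg) { return 'Unknown (cmdlet unavailable on this OS)' }
    if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
}

function Disable-Smb1 {
    # Turns off the SMBv1 server on this host. Legacy clients (old printers,
    # Windows XP) will lose access to its shares, so test before a wide rollout.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

$hotfix = Test-Ms17010Hotfix
Write-Host ("MS17-010 KB present : {0} {1}" -f $hotfix.Ms17010KbFound, $hotfix.MatchingKbs)
Write-Host ("SMBv1 server        : {0}" -f (Get-Smb1Status))

if (-not $hotfix.Ms17010KbFound) {
    Write-Warning 'No MS17-010 KB listed. Confirm the SMB fix via Windows Update history before assuming the host is safe.'
}

# Uncomment to remediate once the impact on legacy clients has been checked:
# Disable-Smb1
```

Because the KB check is subject to supersedence, the SMBv1 status is the more reliable of the two signals on a modern host: a machine with SMBv1 disabled cannot be reached by the exploit regardless of which update installed the fix.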

