Petya ransomware to hit India a lot harder than WannaCry, cybersecurity researchers warn

Sriram Sharma June 28, 2017

petya-cyberattack-ransomware-India

A new and improved version of Petya, a ransomware that first surfaced in early 2016, is now rapidly infecting Microsoft Windows computers across the world.

The latest update to the malware exploits the EternalBlue vulnerability, which was used by the WannaCry attack last month. Similar to WannaCry, the malware traverses the network by using the Microsoft Windows SMB protocol.

Computers in India haven’t been affected yet by the Petya attack according to a chart posted by Kaspersky Lab’s Global Research & Analysis Team. But that’s likely to change once people start waking up and getting to office, warned Yash Kadakia, founder and CTO of Security Brigade, a Mumbai-based cyber security firm.

“Initially the attacks started off in Ukraine, and it spread from there to Eastern Europe. Luckily enough, India went to sleep at that time. As India goes to work again, that’s when we’re going to see it,” he said.

“Initially the attacks started off in Ukraine, and it spread from there to Eastern Europe. Luckily enough, India went to sleep at that time. As India goes to work again, that’s when we’re going to see it” — Yash Kadakia, founder and CTO, Security Brigade  

Any Windows PC vulnerable to the Eternal Blue exploit can get infected; the malware infiltrates networks through an email attachment that gets sent out to everyone from infected machines, Kadakia said. 
”It enters the organisation through an (infected) Excel sheet, and then it spreads within the organisation through the SMB attack. So it does require a human to make an error to spread the attack through an internal network. It takes just one such user error for the whole network to be exposed,” he said.

“As of last night, they have found a temporary kill switch as well — the user needs to create a local file on their machine. That was a temporary workaround, more or less. Not opening the attachment is one. Also, the emails are being sent from a very specific email ID. From a corporate standpoint, it’s pretty easy to block this,” he said. “Anyone affected gets a chkdsk (a Windows command line utility) message on boot. If they stop the computer right there and take it to a repair shop, or boot with a live CD, their files can be saved,” he added.

Any Windows PC vulnerable to the Eternal Blue exploit can get infected; the malware infiltrates networks through an email attachment that gets sent out to everyone from infected machines  

Kaspersky warned that the email connected to the $300 Bitcoin ransom has been shut down, making it impossible for the hackers to decrypt files of victims.

Such attacks will only keep growing, due to the unwillingness of companies to push the latest OS patches across their IT infrastructure, said Saket Modi, CEO and cofounder, Lucideus. According to the Delhi-based cybersecurity firm, close to 50% of Windows systems are still not patched in India, and are vulnerable to this attack.

“If you take Wannacry as an example, the exploit has been in public since January and its patch (that was a free of cost update) released by Microsoft in March. Even then, most companies around the world didn’t upgrade their OS, and the result was WannaCry,” he said, urging companies to take cybersecurity more seriously. “It’s time the boards and investors of companies take cybersecurity seriously by allocating the right resources, as any successful attack on their cyber infrastructure has now become a direct business impact,” he added.

According to a PTI news report, operations at India’s largest container port JNPT (Jawaharlal Nehru Port Trust) were impacted on Tuesday night due to the Petya malware attack. We’ll update this story as we hear more.