Petya ransomware outbreak paralyses institutions worldwide

A new ransomware, named Petya, spread around Ukraine, then Europe and the world, infecting and disabling Windows systems in various industries, from airports and shipping ports, to petrol and the financial industry, to supermarkets and law firms. According to Microsoft, the infection was identified in at least 65 countries, including Belgium, Brazil, Germany, Russia, and the USA. Petya is based on a code of a ransowmare developed in 2016, which locks the master boot records of the disk, effectively rendering the disc and computer dysfunctional until a ransom of USD$300 in Bitcoins is paid. Unlike its older version, the 2017 version – also dubbed ‘notPetya’ by some researchers – spreads like a worm through the infected systems (that is without a need for a user to activate it by opening an infected link or an attachment) by exploiting the same vulnerability that WannaCry did, and for which Microsoft issued a patch in March. NotPetya also uses a range of other tools, such as recovering administrator passwords on the infected systems and gaining top access privileges. While the malware has all the features of a ransomware, it appears the attackers have put relatively little effort in ensuring that payments are received, since there is only one Bitcoin wallet used for all the infected computers (which makes it easier to track and possibly locate the criminals when the funds are eventually withdrawn). In addition, the e-mail address offered for communication with the attackers was hosted on a public platform by German company Posteo, which immediately suspended it after the infection broke out. This is why some experts believe that the malware is not designed to make money, but to spread fast and cause damage, The Register reports.