“Petya” Cyber Attack in Ukraine Spreads Internationally

Just a matter of weeks following the accidental kill switch of  the “WannaCry” Ransomware attack that began in Europe, yet another serious ransomware attack shut down entire networks in the Ukraine. Just like the WannaCry attacks in May, the global hack shut down computers all over Europe, demanding a digital ransom for the owners to regain access to their files. This is yet another scary example of the looming threat of cyber attacks. Pet

The first WannaCry ransomware that affected tens of thousands of machines all over the globe was halted by a person who has remained anonymous, known only as the handle “MalwareTech.” They were able to accidently, or inadvertently stop the spread of the attack by finding an unregistered domain name in the ransomware. They pointed the domain to a sinkhole, or server that collects and analyzes malware traffic. As MalwareTech tried this, it became clear that the domain –which was a random assortment of letters and only cost $10.69 — was a kill switch, or way to take control of the ransomware.

The problem with the latest attack.. No kill switch. But it got worse.

The WannaCry attack was ransomware. This encrypted data for ransom. Then data could be returned. The Petya attack, named after a cybercriminal operation, was deemed similar to the WannaCry attack initially. It used similar code, spread quickly, and even used the same software vulnerability. As it would turn out, the Petya had further means of infection, far worse than initially expected.

Petya doesn’t encrypt files. It destroys them.

Worse still, the public e-mail service used to confirm payment for ransom closed the account. The function of Petya was to destroy victims’ data. Several Ukrainian government ministries, local banks and metro systems were immediately affected. It began in Kiev, the capital city, immediately shutting down ATMs. The attack spread quickly, affecting at least 64 different countries around the world. Danish shipping conglomerate Maersk, US drug giant Merck, & Russia’s biggest oil company Rosneft were among the largest commercial victims of the attack.

This attack leads many analysts to state clearly that this is only the beginning of cyberattacks that can have monumental effects and catastrophic damage, based on minimal and predictable means. This is the most serious example of why protecting your data is so important in today’s world. The attacks are already here. Will your company be protected?

Superior IT Innovations can provide network security solutions and disaster recovery for companies large and small. We have worked with clients that have experienced ransomware, including large companies that lost all of their data right here in Western New York. If you don’t have your security solutions in place, your information could be in big trouble. It has gotten to the point where it isn’s a matter of if an attack happens, but when it will happen.

Contact SITI about network security by giving us a call, or filling out our contact form here.