A new strain of destructive ransomware has wreaked havoc globally overnight, with experts saying it’s “difficult to tell” how hard Australian organisations will be hit.
The attack, dubbed “Petya”, began to spread across organisations in the US and Europe last night, reports The Guardian, knocking out the systems of multiple business and services, including advertising giant WPP and the radiation monitoring system at Chernobyl.
Similar to the infamous “WannaCry” attack that spread across the world just weeks ago, the Petya attack displays a screen advising users “Oops, your important files have been encrypted”.
The screen then tells users to transfer $US300 worth of digital currency Bitcoin to a certain virtual wallet, and then send the transaction details and personal ransomware installation ID to an email address to get your files decrypted. At the time of publication, the wallet linked to the attack had received $US8809 in Bitcoin.
The first Australian business to be hit by the attack was the Hobart Cadbury factory, reports The ABC, with production being halted while the attack is dealt with.
However, experts are warning those affected by Petya should hold off from paying any ransoms, as it appears unlikely that systems files are actually being decrypted.
Cybersecurity expert at Sense of Security Michael McKinnon told SmartCompany there have been “serious concerns” over the whether users can get their files decrypted after they have made payment, because to hacker’s email address that users are instructed to send proof of payment to has been taken offline.
The Guardian reports the German hosting company behind the hacker’s email address has disabled the account, stating “we do not tolerate any misuse of our platform”. This means even if ransoms are paid, affected victims are unable to contact the hacker in order to get their files decrypted.
— Ryan Clapham (@NewsReport365) June 27, 2017
For SMEs, McKinnon advises two main courses of action. He says the Petya attack uses the same vulnerabilities exploited in the recent WannaCry attack, but notes the attack could potentially be more significant as more information comes to light.
“What you need to do if you already haven’t is patch your systems. We’re talking about a patch released by Microsoft on the 14th of March, so you definitely need to update to protect your systems,” he says.
Although the method by which the attack spreads across the world is still unknown, McKinnon says many are speculating it is through some form of phishing attack, which prompts a reminder for businesses to know the risks of dodgy emails.
“For Petya, until more research is done, all businesses can do is keep vigilant and educate staff around phishing emails and make sure all your systems are patched,” he says.
“Then it’s just a case of staying tuned in terms of how to combat the attack further.”
In a statement, Minister assisting the Prime Minister for cybersecurity Dan Tehan has urged SMEs to take action to protect themselves against the attack, saying “this ransomware attack is a wake-up call to all Australian businesses”.
“If your business has been infected you should isolate the affected computer from your network to prevent the software spreading and use backup data to restore information,” Minister Tehan said.
“All businesses should immediately update their Windows operating system with the latest security patches and there are instructions on the ACSC website to do this.”