Know all about “Petya” Ransomware menace |ForumIAS

Context

India is the worst hit nation in the Asia pacific region by “Petya Ransomware”, with operations wedged at Jawaharlal Nehru Port Trust in Mumbai.

Why in the news? (Key highpoints)

A report by Symantec identified that India is the worst hit country by Petya in APAC and 7th globally
The government has asked for National Cyber Security Coordinator, Gulshan Rai to monitor the situation at Jawaharlal Nehru Port Trust (JNPT) where one of three terminals was impacted
P. Moller-Maersk was also hit affecting multiple sites and business units including the Gujarat Pipavav Port Limited
Numerous companies have been crippled by global cyberattack, the second major ransomware crime in two months.

How does the Petya ransomware work?

The ransomware takes over computers and demands $300 to be paid in Bitcoin.
The malicious software spreads rapidly through an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows.

Where did it start?

The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police.

How far has it spread?

The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft
Who is behind the attack?
Many experts believe that Petya was designed to spread fast and cause as much damage as possible with a believably deniable cover of ‘ransomware’
Security researcher from cybersecurity blog Krebs on Security stated that ‘Petya’ was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware.
Pseudonymous security researcher noted that the new Petya is not designed to make money but as a criminal enterprise with intent to hurt victims specifically.

Q&A