Petya ransomware behind global cyberattack: India also affected

Several countries across the world are said to have been affected by a new malware nicknamed Petya or PetrWrap, also being called GoldenEye. Read to know more.

In what seems to be a rerun of the global cybarattack perpetrated by the WannaCry ransomware — and this time with worse consequences — several countries across the world are said to have been affected by a new malware nicknamed Petya or PetrWrap.

The attack — which reportedly started in Ukraine on Tuesday — brings to reality fears that have been expressed time and again since the WannaCry infection that similar malware are lurking in dark corners of the Internet, and could wreak much more damage.

The ransomeware is also being referred to as GoldenEye — like the James Bond film — and is perpetrating attacks using vulnerabilities present in the Windows operating system (OS) of Microsoft. And it is already making its presence felt in India.

Interestingly, the vulnerabilities Petya exploits to infect a system were supposed to have been patched at the time of the WannaCry attack itself.

Therefore, it remains to be seen whether the patchwork was good enough or if the new ransomware was using the same vulnerabilities as WannaCry because not all people and organisations installed the Microsoft-issued patches.

Malware — [Representational image]Creative Commons

The attack

Petya apparently uses a piece of code called eternal blue, which Reuters said "cyber-security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month's [WannaCry] ransomware attack."

The ransomware — as is the wont of this category of malware — is encrypting the hard drives of infected computers and demanding $300 in return for the drive to be decrypted. It's primary targets have mostly been in Europe and the United States.

Those who decide to pay that amount have been asked to send a confirmation to a certain email address hosted by German email provider Posteo. The organisation has since shut down the email account.

Thus, there is no way for those affected and deciding to pay to confirm their payment and get their hard drives decrypted. However, the use of the email is leading cyber-experts to believe that this was not a very planned attack.

Effect in India

The Jawaharlal Nehru Port (JNPT) near Mumbai in Maharashtra is believed to be one of the first places in India to report a Petya infection.

"AP Moller-Maersk, one of the affected entities globally, operates the Gateway Terminals India (GTI) at JNPT," said a PTI report about India's largest container port.

"We have been informed that the operations at GTI have come to a standstill because their systems are down (due to the malware attack). They are trying to work manually," a senior JNPT official told PTI on Tuesday night.