Ransomware attack targets 2000 gov't, private servers worldwide

Adjust Comment Print

The National Bank said an "unknown virus" had spread through its computers, and Ukraine Deputy Prime Minister Pavlo Rozenko said his computer, like others in the Ukrainian government, became inaccessible.

Production at the Cadbury factory on the island state of Tasmania ground to a halt late on Tuesday after computer systems went down, said Australian Manufacturing and Workers Union state secretary John Short.

Microsoft said the virus could spread through a flaw that was patched in a security update in March. The worldwide police organization Interpol said it was " closely monitoring " the situation and working together with its member countries.

The virus attacked computers which are running Microsoft Corp's Windows by overwriting files and encrypting hard drives.

The payment method via an email address that was quickly shut down, is considered amateurish and led to speculation that the virus' objective was not monetary gain, but rather to simply cause damage.

CNET reports that Ukraine is the worst hit, with several banks and government agencies going under.

On Wednesday, the Associated Press reported that the Danish shipping giant A.P. Moller-Maersk was hit by the malicious software but has since "contained the issue".

Though it's too soon to be certain, experts say it seems as though a confluence of factors may be pointing to Russian state involvement in carrying out the attack.

It is unclear if the attacks on computers Tuesday, spreading across Europe but centered on Ukraine, are a single organized effort by hackers, or if several distinct attacks took place.

Indian PM Modi visits Portugal on trip to meet with Trump
Earlier President Trump and PM Modi have spoken twice over telephone after the former assumed office. Since 2008, India and the USA have signed US$15 billion (Dh55.1bn) in defence contracts.

Petya apparently uses a piece of code called eternal blue, which Reuters said "cyber-security experts widely believe was stolen from the US National Security Agency (NSA) and was also used in last month's [WannaCry] ransomware attack".

Ukrainian officials confirmed a possible link to MeDoc.

Operations at one of the three terminals of Jawaharlal Nehru Port (JNPT) in Mumbai, India's largest container port, were disrupted.

The statement also said that all "technological systems of the station operate in the normal mode", but that "in connection with the cyberattack, the Chernobyl nuclear power plant website is not working".

Further analysis by Russian-based Kaspersky Labs instead concludes that the guilty ransomware was completely brand new, although it does have some commonality with Petya.

By creating a read-only file - named perfc - and placing it within a computer's "C:\Windows" folder, the attack will be stopped in its tracks. Others call it "Goldeneye" - the name of another recent strain of the Petya ransomware.

When ransomware encrypts data on an infected machine, the only way to obtain the decryption key is generally to pay the ransom demanded.

It has been reported that Petya is also referred to as NotPetya.

What should a person do if he/she gets affected by the ransomware?