On the heels of the WannaCry ransomware attack last month, a new ransomware variant, Petya, hit organizations around the world on Tuesday and stopped them in their tracks—including a major law firm. This keeps us up at night and we have empathy for our colleagues. It also has affected at least one U.S. nuclear plant’s computer system.
Petya encrypts a computer’s hard disk and locks out users and posts a ransom demand of $300, payable in bitcoin.
It is called a “worm” because it has the ability to self-propagate. Unfortunately, it uses a tool that was developed by the U.S. National Security Agency, which was stolen by hackers and shared on the dark web. It infects computers through an exploit called EternalBlue, designed to use a vulnerability in Windows operating systems. Microsoft issued patches to protect users from the new attack, but if the patch has not been installed, companies are becoming victims.
A kill switch for WannaCry was discovered by a security researcher, which helped the spread of the WannaCry ransomware. However, no kill switch is available for Petya. Major companies have been affected by Petya. The lesson after WannaCry and Petya is to push the security patches provided by Microsoft and other providers as soon as they are received. And what about the NSA maybe helping companies prevent these attacks that were developed by them and stolen?