The latest global ransomware attack has been spreading fast after initially affecting computers in Ukraine. Here’s what you need to know.
Computer systems from Ukraine to the United States were struck on Tuesday in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide. In Kiev, the capital of Ukraine, A.T.M.s stopped working. About 80 miles away, workers were forced to manually monitor radiation at the old Chernobyl nuclear plant when their computers failed. And tech managers at companies around the world, from Maersk, the Danish shipping conglomerate, to Merck, the drug giant in the United States, were scrambling to respond. Even an Australian factory for the chocolate giant Cadbury was affected.
What is Ransomware?
Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.
What is Petrwrap?
Petrwrap is the latest in a series of powerful ransomware attacks that deny access to a computer system and then demand money from users to regain access. Petrwrap is said to be using the same EternalBlue exploit employed by WannaCry earlier this May.
How does it work?
When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent backup of the files, they must either pay the ransom or face losing all of their files.
The ransomware takes over computers and demands $300, paid in Bitcoin. Once a computer is infected, the malicious software spreads rapidly across an organization, either by using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.
Strictly speaking, it is not. The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya, but in the hours after the outbreak started, security researchers noticed that “the superficial resemblance is only skin deep”. Researchers at Russia’s Kaspersky Lab redubbed the malware NotPetya, and increasingly tongue-in-cheek variants of that name – Petna, Pneytna, and so on – began to spread as a result. On top of that, other researchers who independently spotted the malware gave it other names: Romania’s Bitdefender called it Goldeneye, for instance.
Protection from 'Petya'
For this particular malware outbreak, another line of defence has been discovered: “Petya” checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
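One way to put the marker file described above in place on a Windows machine, as an added example that is not part of the original article. The function name Set-PetyaMarker is hypothetical, the path is the one given above, and the script assumes an elevated PowerShell session; it only places the file and, as noted, does nothing about infection or spread.

```powershell
# Added example: create the read-only marker file the article describes.
# Assumption: run as administrator, since C:\Windows is not writable otherwise.

function Set-PetyaMarker {
    [CmdletBinding()]
    param(
        # Path as given in the article; override only when testing elsewhere.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    $created = $false

    # Create an empty file only if no file exists at that path yet.
    # The article describes a check for the file, not for any contents.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
        $created = $true
    }

    # Set the read-only attribute if it is not already set.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if (-not $item.IsReadOnly) {
        $item.IsReadOnly = $true
    }

    # Re-read from disk so the report reflects the actual state.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        Created  = $created
        ReadOnly = $item.IsReadOnly
    }
}

# Safe to run repeatedly: an existing file is left in place and only
# its read-only attribute is enforced.
Set-PetyaMarker
```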
Most major antivirus companies now claim that their software has been updated to actively detect and protect against “Petya” infections: Symantec products using definitions version 20170627.009 should, for instance, and Kaspersky also says its security software is now capable of spotting the malware. Additionally, keeping Windows up to date – at the very least through installing March’s critical patch defending against the EternalBlue vulnerability – stops one major avenue of infection, and will also protect against future attacks with different payloads.
'Petya' Ransomware CyberAttack. Reviewed by Varun Singh Nayal on June 29, 2017