Cyber Security Experts warn about new Global Ransomware ‘Petya’

Australians are being asked to be careful and to ensure that their devices are protected with the latest and most up to date Windows software, following reports that a new global ransomware, Petya, has affected several countries in the United States, Europe and Asia. Reports also confirm that some Australian organisations have been impacted. In Tasmania, the Cadbury chocolate factory was targeted, and production at its Claremont facility was ceased this morning, after it was observed that their IT system had been locked up and held for ransom.

IT Systems that are not up-to-date with the most recent Windows software are especially vulnerable to the malicious virus, which rapidly infects a computer and makes it inoperative unless a $300 bitcoin ransom is paid. Once the payment has been made, a confirmation of payment is sent by the victim to an email address, and in turn the hackers provide a digital key to unlock the files. Otherwise, files are lost completely.

The use of bitcoin as a source of virtual currency is fast becoming common for those launching ransomware attacks, as it provides anonymity and cannot be traced.

The effects of the attack have been felt particularly in the Ukraine, where the Government, banks and the electricity grid were targeted, and Kiev airport and metro system temporarily shut down. Reports indicate that the automatic radiation monitoring system at Chernobyl was also targeted by the cyber-attack, and employees had to carry out manual monitoring to measure radiation levels in the exclusion zone at the former nuclear plant.

The attack has affected a number of large organisations, including the food company Mondelez, as well as the transport and logistics company Maersk, which reports that all business units, including container shipping, port and tug boat operations and oil and gas production (amongst others), have been affected. In the United States, the Heritage Valley Health System, which operates hospitals and care facilities, has also been affected by the malware.

There are important steps that businesses and individuals can take to reduce the risk of their computers being targeted by ransomware. These include;

  • Immediately installing the latest Windows (and Windows XP) updates for applications, software and operating systems;
  • Ensure that all system backups are available and operational, with back-ups performed using an external storage device – USB and hard drive – , or online using a Cloud Service.
  • Keep Anti-virus software up-to-date

For those targeted by this virus, the best advice is to is not to pay the ransom, as the customer service email address provided by the Hackers has been suspended by their German email provider, Posteo.  Therefore, even if victims pay the ransom, they will not be able to receive details for the decryption key to access their files.

Recommendations, in the event that your IT system is targeted, include disconnecting your PC from the internet, reformatting the hard drive and reinstalling files from a back up.

Countries around the world are joining forces in the fight against cybercrime, which has experienced an unprecedented increase in the last decade or so. Today, the global cyber security market is worth approximately $120 billion, a major step up from $3.5 billion it was worth only 13 years ago.