In the wake of the global WannaCry cybercrime crisis, a new digital threat has emerged in the form of ransomware called Petya.
According to Krebs on Security, Petya exploits the same Microsoft Windows vulnerability as WannaCry. Fortunately for most users, Microsoft released a patch to solve the issue back in March.
Among the malware’s victims are multiple Ukrainian banks and government organs, and it’s likely that Russian energy company Rosneft and Norway’s Maersk have been hit, as well.
Symantec, meanwhile, has confirmed that Petya is using the tool known as EternalBlue to carry out the attacks, as is the case with WannaCry. The tool was allegedly developed by the United States’ National Security Agency, but was subsequently leaked online earlier this year.
Petya, like WannaCry, effectively encrypts a Windows user’s files, holding them ransom until a payment of Bitcoins to the value of $300 is made to an anonymous beneficiary. Reports suggest, however, that the malware has been engineered to be destructive, as well.
According to Nicholas Weaver of the International Computer Science Institute, the ransom function is a bluff. “I’m willing to say with at least moderate confidence that this was a deliberate, malicious, destructive attack or perhaps a test disguised as ransomware,” he says.
He cites several red flags that have aroused his suspicion, including the fact that the malware encourages communication with a single email address rather than via the more secure and anonymous Tor platform.
At the end of the day, the effectiveness of the outbreak will depend on the preparedness of Windows users. As long as people refuse to install the Microsoft patch, they will remain vulnerable to attack.