Massive Global Cyberattack Shuts Down World’s Biggest Shipping Company

Remember last month when the WannaCry ransomware attack spread throughout the world, targeting certain Windows operating systems? There’s a new ransomware attack happening now that uses the same exploit as WannaCry, and it’s possibly even stronger than the previous attack.

It’s called Petya, and it seems to have originated in Ukraine when accounting software company MeDoc pushed a malicious update to its software. The update carried a new version of the Petya ransomware, which is designed to use the EternalBlue exploit against certain Windows computers, targeting the same vulnerability that WannaCry did. It’s generally believed that EternalBlue was originally developed by the United States National Security Agency; it was leaked by the Shadow Brokers hacker group earlier this year.

The CHKDSK screen, photo courtesy of @hackerfantastic on Twitter.

Petya spread throughout the world today, and it soon became clear that this was a worse attack than WannaCry. The virus is more complex and stronger; it doesn’t include some of the weaknesses that WannaCry did, such as poor payment management for the ransoms that it collects. Today, Petya has caused internet outages and inconvenienced businesses, but perhaps its greatest effect has been forcing the Maersk shipping company to shut down. Maersk is the largest shipping company in the world, and the cyberattack took down its IT systems. This compelled the Port of Los Angeles to close its largest terminal.

The best way to protect your computer is, of course, to update its operating system to a more recent version. Microsoft has already patched the vulnerability that EternalBlue exploits out of Windows operating systems, but some people and businesses have not yet installed the update. As a result, Petya was able to spread throughout the world even though Microsoft had already released a fix for the vulnerability.

Earlier today, many people believed that the ransomware didn’t include a kill switch like WannaCry did, but computer scientists and security experts on Twitter have recently discovered what appears to be a way to halt Petya’s encryption function. The ransomware checks for a specific file in the Windows directory; if that file exists, it won’t run the encryption. Creating a read-only file called “perfc.dat” in the C:\Windows folder will stop it from running; as a result, you can protect your computer from the virus by creating this file on your own computer.
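The file creation described above, as an added PowerShell example that is not part of the original article: it creates the file only if it is absent, sets the read-only attribute and returns the resulting state. The function name `Set-PerfcMarker` and its parameters are hypothetical, and the script assumes an elevated prompt, since writing to the Windows folder requires administrator rights.

```powershell
# Added example: idempotently create the read-only file the article describes.
# Set-PerfcMarker and its parameters are hypothetical names for illustration.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Defaults to the Windows folder (normally C:\Windows).
        [string]$Directory = $env:windir,
        # File name as given in the article.
        [string]$Name = 'perfc.dat'
    )

    $path = Join-Path -Path $Directory -ChildPath $Name

    # Create an empty file only when nothing exists at that path yet.
    if (-not (Test-Path -LiteralPath $path)) {
        if ($PSCmdlet.ShouldProcess($path, 'Create empty file')) {
            New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
        }
    }

    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return $false   # nothing was created (for example a -WhatIf run)
    }

    # A directory with the same name is not a file; leave it alone.
    if ($item.PSIsContainer) {
        throw "$path exists but is a directory; not modifying it."
    }

    # Set the read-only attribute if it is not already set.
    if (-not $item.IsReadOnly) {
        if ($PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
    }

    # Re-read from disk so the result reflects the actual state.
    return (Get-Item -LiteralPath $path -Force).IsReadOnly
}

# Returns True when the file exists and is read-only.
Set-PerfcMarker -Verbose
```

Running it with `-WhatIf` first shows what would change without touching the disk.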

If your computer is infected, you can still save your files. Upon infection, Petya will warn users with a “CHKDSK” message that disguises its file encryption. User Hacker Fantastic found that if you do not let the computer proceed past this message, you can turn off your computer, prevent the virus from completing the encryption, and recover your files via an external machine or a Live CD.

from GameSpot


Author: Adventures Gate

