New Delhi: India has been the worst hit in the Asia Pacific region and the seventh most affected country globally by the ‘Petya’ ransomware that has impacted large organizations in multiple countries, according to security firm Symantec.
The Ukraine, the US and Russia were among the worst hit countries by the new strain of the ransomware that started propagating on 27 June. Other countries that have been impacted include France, the UK, Germany, China and Japan.
The cyberattack that has hit businesses and governments across Europe, Latin America and Asia is similar to last month’s attack by a malware called WannaCry.
Petya has been in existence since 2016. According to Symantec, it differs from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR).
According to a Symantec investigator, the Petya ransomware was spread, at least in part, through updates to a Ukrainian tax accounting software and the majority of victims of Petya are Ukrainian organizations. Incidentally, while the attack began on 27 June, and 28 June is Ukraine’s Constitution Day, a national holiday.
Once on a computer, the ransomware attempts to encrypt a set of files that have specific extensions. The attacker then demands payment of $300 worth of Bitcoin to be transferred to a single wallet. In the ransom note, the victim is told to send a notification of the payment to a single email address.
Since Petya is a worm, it has the ability to self-propagate. It does this by building a list of target computers and then spreads to those computers using IP address and credential gathering.
Security firms like Symantec have advised companies to update their Windows software, check their security solutions and ensure they have back up and ransomware detection in place.