Petya ransomware has haunted the world like WannaCry. There are many countries where the ransomware is unleashing havoc and halting services. However, there is doubt whether the attack has affected any Indian organization. Trend Micro, one of the security firms, is of the view that the Petya ransomware has not affected India, as there are no cases reported as of now.
Ms. Sharda Tickoo, Technical Head, Trend Micro India, said, “In India, so far we have no cases of Petya that have been reported to us. The countries most affected are in Europe, typically Ukraine and Russia. We would recommend that companies maintain the important hygiene of regularly taking backups of necessary data and proactively monitoring their systems for any suspicious activity. And most importantly, because it is ransomware, we have to secure the email gateway first. There are also certain URL categorizations employed in the work environment which can block access to malicious code. Ensure that all workstations have least privilege unless a workstation actually requires administrator privilege, as the ransomware spreads and tries to escalate privileges. As it uses certain administrative tools like PowerShell, ensure that these utilities are restricted to administrators.”
Pointing out the similarities and differences between Petya and other ransomware, she further added, “There are a lot of similarities being drawn between Petya and WannaCry. WannaCry was a very basic form of ransomware attack and it used worm-like techniques. Petya seems to be a thorough ransomware which uses different modalities. It is using the EternalBlue vulnerability. It leverages multiple infection vectors, not just one. The Petya ransomware modifies the Master Boot Record (MBR) and encrypts the system files. Once the MBR is modified by this ransomware, the system displays the ransom note instead of a black or blue screen. Normal ransomware, by contrast, does not touch the MBR but encrypts files and asks for ransom. The Petya ransomware is a combination of a wiper and ransomware, because it wipes the MBR.”
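The hygiene points quoted above (least privilege on workstations, PowerShell restricted to administrators) and the EternalBlue reference translate into a few checks a defender can run on a Windows workstation. The script below is an added example written for this page; it is not Trend Micro's tooling or anything from the article. It assumes Windows 10 / Server 2016 or later (for the `Microsoft.PowerShell.LocalAccounts` and `SmbShare` modules), and it relies on the publicly known fact that EternalBlue exploits SMBv1, so it reports whether the SMBv1 server protocol is still enabled. The `CONTOSO\...` group names in the approved-admins list are constructed placeholders.

```powershell
# Added example (not from the article or Trend Micro): read-only workstation audit
# for three hygiene points: local admin sprawl, PowerShell exposure to non-admins,
# and SMBv1 still being enabled (the protocol EternalBlue targets).
# Assumes Windows 10 / Server 2016+ with the built-in LocalAccounts and SmbShare modules.

# Constructed allow-list: principals that are expected to hold local admin rights.
# Replace CONTOSO\... with your own domain groups; these names are placeholders.
$ApprovedAdmins = @(
    "$env:COMPUTERNAME\Administrator",
    'CONTOSO\Domain Admins',
    'CONTOSO\Workstation-Admins'
)

function Get-UnexpectedLocalAdmins {
    param([string[]]$Approved = $ApprovedAdmins)
    # Any member of the local Administrators group that is not on the allow-list
    # is a least-privilege finding: a user account here gives ransomware that lands
    # under that user full control of the machine without needing to escalate.
    Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $Approved -notcontains $_.Name } |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-PowerShellRestricted {
    # When an AppLocker or WDAC script policy is enforced, PowerShell drops
    # non-admin sessions into ConstrainedLanguage mode. A non-admin session that
    # still reports FullLanguage means PowerShell is not restricted for that user.
    $mode    = $ExecutionContext.SessionState.LanguageMode
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
                   [Security.Principal.WindowsBuiltInRole]::Administrator)
    [pscustomobject]@{
        User           = $identity.Name
        LanguageMode   = $mode
        RunningAsAdmin = $isAdmin
        Finding        = (-not $isAdmin) -and ($mode -eq 'FullLanguage')
    }
}

function Test-Smb1Enabled {
    # EternalBlue (MS17-010) is an SMBv1 exploit; a patched host with SMBv1 still
    # on is exposed to the next SMBv1 bug, so the protocol itself should be off.
    $cfg = Get-SmbServerConfiguration
    [pscustomobject]@{
        EnableSMB1Protocol = $cfg.EnableSMB1Protocol
        Finding            = [bool]$cfg.EnableSMB1Protocol
    }
}

# Run the three checks; a non-empty admin list or Finding = True is an action item.
Write-Host '--- Unexpected members of local Administrators ---'
Get-UnexpectedLocalAdmins | Format-Table -AutoSize
Write-Host '--- PowerShell restriction for the current user ---'
Test-PowerShellRestricted | Format-List
Write-Host '--- SMBv1 server protocol ---'
Test-Smb1Enabled | Format-List
```

Run it once from a standard (non-admin) user session to get a meaningful `Test-PowerShellRestricted` result, and once elevated so `Get-SmbServerConfiguration` can read the server settings. The checks are deliberately read-only; turning SMBv1 off (`Set-SmbServerConfiguration -EnableSMB1Protocol $false`) or trimming the Administrators group is a change-managed step that belongs outside an audit script.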