News July 8, 2017

PETYA. Russia has called for concerted international action to combat cybercrime. The statement was made by Kremlin spokesman Dmitry Peskov earlier in the day. It came after a new massive ransomware attack hit major companies throughout the world. The attack, which unfolded on Tuesday, disrupted computers running Windows in several European countries as well as the United States. Ukrainian firms were among the first to report the incident.

Radio Sputnik discussed the issue with Cong-Fook Fong, CEO of LGMS, a professional information security services firm from South Asia specializing in computer crime investigation, penetration testing and various kinds of information security compliance.

Summary of PETYA

Some people call the Petya virus WannaCry version 2. The two may look similar on the surface, as both exploit the same vulnerability, EternalBlue. However, many things differ on closer inspection, including the way the ransomware infects its victims and the way it encrypts. Petya will still infect machines that have already applied the Microsoft patch used to combat WannaCry. Unlike WannaCry, it encrypts the master boot record, which means that it will reboot the computer so that it cannot be started up again.

This new ransomware, the Petya virus, is a combination of code taken from different older ransomware. If a computer is infected, the virus will reboot the computer and display a warning message. The computer should be shut down immediately or forcibly powered off if this kind of message appears.

To prevent infection, update anti-virus software quickly, because most anti-virus products already have a definition for this virus. It is believed that this will become a trend, in which new ransomware that combines old code with new techniques for infecting computers will appear in the future, or perhaps something even worse. The NSA is blamed for this, because the situation might have been avoided if it had not kept these things secret and then accidentally lost the secrets.

Therefore, whenever vulnerabilities are found in operating systems or applications, they should be reported to the owners or vendors. This situation is a very good example of how vulnerabilities that were not reported caused so much havoc around the world. Lastly, individual countries should have rules and regulations to enforce disclosure, to avoid a repetition of this situation.


