Petya malware attack potent, uses multiple techniques: IT security firms

IT firm Sophos said Petya is particularly 'virulent' as it spreads automatically within a network

Top IT security firms have warned that the latest 'Petya' malware could be particularly potent as it uses "multiple techniques" to automatically spread in a network soon after the first system is infected.

The attack, which comes within weeks of a similar cyber attack called WannaCry, has been spreading through Europe, and seems to be making its way into India.

Security solutions company Sophos said the latest version of malware is particularly "virulent" because it uses multiple techniques to spread automatically within a company's network once the first computer is infected.

In India, one of the terminals at the Jawaharlal Nehru Port Trust (JNPT) port has been impacted, prompting the authorities to contain the disruption in fire-fighting mode.

IT Minister Ravi Shankar Prasad has said that proactive measures have been initiated and the government is keeping a close vigil on the situation. He maintained that there is no large-scale impact on India yet.

GSTN — the IT backbone on which India's biggest tax reforms is set to roll out from July 1 — has said its operations have not been affected and registrations are going on smoothly.

Matt Moynahan, CEO of Forcepoint said the latest attacks demonstrate the vulnerability of critical infrastructure.

"An important takeaway is the undeniable trend in the increasing ease by which attackers can penetrate the perimeter and get inside of corporate infrastructure," Moynahan said.

From the government to the boardroom, leaders need to make cyber resiliency a requirement, putting focus and funding behind it, he noted.

Once infected by the ransomware, the systems are locked and a demand of USD 300 in Bitcoins is made to recover the files. However, it is not clear whether the systems are decrypted after the payment is made.

Security firm Kaspersky cited its data to say that about 2,000 systems were impacted as of Tuesday, with organisations in Russia and Ukraine being hit, the hardest. Systems in Britain, France, Germany, Italy, Poland and the US were also impacted.

Some of the biggest corporations including Russia's largest oil company Rosneft, Ukraine's international airport, shipping firm AP Moller-Maersk, and advertising giant WPP have come under attack.

"We advise all companies to update their Windows software, to check their security solutions and ensure they have back up and ransomware detection in place," Kaspersky said.