Petya: Bigger global ransomware attack; How to protect yourself

TRA advises on how to overcome ransomware Petya

DUBAI 29 June 2017: The Telecommunications Regulatory Authority (TRA) has advised users to be aware of the updated version of the ransomware ‘Petya’, which started spreading globally on Tuesday and breached thousands of computers and servers around the world.

The breach disabled and encrypted computers and locked users out of them unless they paid a sum in Bitcoin. A group of hackers developed this new version of the ransomware ‘Petya’ by exploiting the same gap in the Windows operating system, named EternalBlue, in the SMBv1 protocol. The virus restarts the victim’s device, encrypts the Master File Table, and replaces the Master Boot Record with a series of malicious software instructions that shut down the device.

The TRA Computer Emergency Response Team (aeCERT) announced that there have not been any reported cases of breach by this virus in the UAE.

To avoid exposure to the virus, the TRA advises individuals to follow these steps:
· Always keep a backup copy
· Avoid opening links and files from an unknown source
· Use genuine anti-virus programs
· Update the software of your phone and computer constantly
· Avoid surfing untrusted sites

In case of exposure to the virus, the TRA advises individuals to do the following:
· Do not obey the hackers; there is no guarantee that paying the ransom will lead to the decryption of the files.
· If the attacked device is the company’s computer, inform the Information Technology Department immediately.
· If the attacked device is your personal laptop, take it to the authorized agent.
· Don’t open any untrusted emails
· Update the software of all your personal devices

IT specialists should visit the aeCERT advisories page: https://www.tra.gov.ae/aecert/en/resource-center/advisory.aspx

It is worth mentioning that this virus changes its signature constantly, so we advise following the TRA social media channels (Facebook TheUAETRA, Instagram TheUAETRA, Twitter @THEUAETRA) or the TRA website www.TRA.gov.ae to get the latest updates.

New cyber attack goes global

MOSCOW: Computer systems from Ukraine to the United States were struck on Tuesday, June 27th, in an international cyberattack that was similar to a recent assault that crippled tens of thousands of machines worldwide.

The ransomware virus, dubbed Petya, includes code known as ‘Eternal Blue’, which cyber security experts widely believe was stolen from the US National Security Agency, NSA, and was also used in last month’s ransomware attack, ‘WannaCry’, according to Reuters.

More than 80 companies in Russia and Ukraine were initially affected by the virus that disabled computers and told users to pay US$300 in cryptocurrency to unlock them, Moscow-based cybersecurity company Group-IB said. About 2,000 users have been attacked so far, according to Kaspersky Lab analysts, with organisations in Russia and Ukraine the most affected.

Rob Wainwright, Executive Director at Europol, said the agency is “urgently responding” to reports of the new cyber attack. In a separate statement, Europol said it’s in talks with member states and key industry partners to establish the full nature of this attack at this time.

Rosneft, Russia’s largest crude oil producer, said in a statement that it avoided any serious consequences from the ransomware attack by switching to a backup system for managing production processes.

Other victims include British advertising firm WPP and US law firm DLA Piper, and at least one hospital in the US city of Pittsburgh.

According to the BBC, this new strain of the ransomware only affects older machines, and those running an up-to-date version of the Windows OS should not be affected.

The spread of this new ransomware is likely to be much slower than last month’s WannaCry attack, researchers predict, as code analysis showed the new attack did not attempt to spread itself beyond the network it was placed on.

Also, as reported on Tuesday, the method by which victims can pay the ransom fee has been rendered useless. An email address provided by the criminals has been shut down by the hosting provider, while the Bitcoin wallet, where ransoms are deposited, has not been touched.

At the time of writing, the wallet contains approximately US$8,000-worth of Bitcoin, not a large return for such a significant and widespread attack.

These factors contribute to a now-prevailing theory that this was a politically motivated attack on Ukraine, coming as it did just as the country is set to celebrate its Constitution Day.

By Eudore R. Chand