
‘Petya’ ransomware may be smokescreen for potentially larger attack

    Creating a single file can vaccinate computers against the ‘Petya’ ransomware attack but a ‘kill-switch’ cure for the digital infection has so far eluded cyber security researchers, which may be a sign of worse to come.

    Similar to the WannaCry attacks, users worldwide have been locked out of their systems with screens displaying a demand for a $300 ransom payable in Bitcoin through a specific set of instructions.

    “If you see this text, then your files are no longer accessible, because they are encrypted,” the ransom note reads. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

    While the infection has spread worldwide already, the open-source cybersecurity community sprang into action immediately and discovered the digital ‘vaccine.’

    Users must simply create a read-only file, with the title ‘perfc,’ and place it in the C:\Windows folder. This will stop the attack dead in its tracks. It does not, however, prevent infection of other machines; it merely protects the individually targeted system, much the same way an immunized human can still be a carrier of infection.
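The file placement described above, written as an idempotent PowerShell function that also reports the resulting state for auditing. This is an added example, not code from the article or from the researchers it cites; the function name `Set-PerfcMarker` and its `-Directory` parameter are hypothetical, and it assumes an elevated session, since writing to C:\Windows requires administrator rights.

```powershell
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Folder named in the article. Parameterised (an assumption of this example)
        # so the function can be tried against a scratch folder first.
        [string]$Directory = 'C:\Windows'
    )

    $path = Join-Path -Path $Directory -ChildPath 'perfc'

    # A directory with the same name is not what the article describes; stop and report it.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory; the article calls for a file."
    }

    # Create an empty file only if it is missing, so re-running is harmless.
    # Fails with an access error if the session is not elevated.
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
    }

    # Mark the file read-only, as the article specifies.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop

    # Re-read the file and return its state so the result can be logged per machine.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
        Created  = $item.CreationTime
    }
}

Set-PerfcMarker
```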

    “There is low risk of new infections more than one hour after the attack,” the MalwareTech blog stated.

    The current ransomware attack is far more limited in scope than its predecessors as it does not attempt to propagate beyond the target network, fuelling speculation that it may just be a cover for another, much larger attack.

    Such tactics were allegedly employed during the WannaCry incident, which acted as a cover to install the Adylkuzz cryptocurrency miner on thousands of systems worldwide.

    The smaller scale and relative ineffectiveness of the current attack are conspicuous given the recent wave of ransomware hacks worldwide from which the perpetrator could have drawn technical knowledge and inspiration.

    The email account to which victims send their ransoms was suspended by the German hosting provider Posteo by noon local time on June 27 and the Bitcoin wallet associated with the attack has not been accessed.

    Given the size but disparate nature of the targets – including the Ukrainian central bank, Russia’s state oil company Rosneft, British advertising firm WPP, and US law firm DLA Piper – it appears, initially at least, that the attack was intended to generate chaos and confusion rather than money. 
