Petya ransomware attack: Five questions answered

Cyber-security expert tells Al Jazeera the latest attack appears to be more serious than a similar incident in May.

Power grids in Ukraine to hospital systems in the US were affected by the latest cyber-attack [Reuters]

A major cyberattack via a ransomware virus dubbed Petya has caused widespread disruption across the globe, affecting everything from power grids in Ukraine to hospitals in the United States.

Technology experts are scrambling to prevent more damage following the attack, which they say bears the hallmarks of the WannaCry ransomware that also caused major problems in May.

Al Jazeera has spoken to Gavin Millard, technical director at Tenable Network Security, a US-based cyber-security company specialising in spotting vulnerabilities in networks, to find out more about the latest cyberattack and how serious it is.

Al Jazeera: What do we know so far about this attack and what is causing it?

Gavin Millard: It’s a ransomware attack very similar to WannaCry that hit a few weeks ago. Basically, it infects the system and encrypts the files.

What is different from WannaCry is, firstly, the way it is spreading – it is not just using one vulnerability, but multiple vulnerabilities. Secondly, it is also locking systems, not just encrypting files.

Al Jazeera: By locking systems, do you mean no access?

Millard: Exactly. It drops people out of their standard Windows desktop onto a command prompt with a ransomware note on there and nothing else can be done with that system.

Al Jazeera: So, it sounds far more serious than WannaCry – is that the case?

Millard: WannaCry was simple but effective. With this one, it’s a lot more complicated. It’s got multiple methods of spreading.

It looks like it’s leveraging quite a few known vulnerabilities and it is able to spread more broadly.

The other concerning aspect is so far there’s been no killswitch discovered – like in WannaCry. So it could continue to spread unabated.

Al Jazeera: Would all such attacks have some sort of a killswitch to turn it off and it just needs to be discovered?

Millard: Generally not. Many theorise that the one in WannaCry was an accident. It was a piece of code that was left in there before it was released to the wild, so basically, the authors of WannaCry didn’t infect themselves.

Others have theorised that it was a way of getting around certain security technologies.

At the moment there are researchers around the globe looking at this new variant of Petya. There may be one in there, but unfortunately, there may not be. So the best approach is to patch systems and protect from the different methods that it’s using to infect.

Al Jazeera: How easy is it for people and companies to actually do that, and how long does it take?

Millard: For individuals, such as home users, that’s actually being dealt with quite well nowadays – Microsoft, the ubiquitous operating system, is auto-updating for almost everybody.

When it comes to businesses though, it’s often quite difficult to keep these systems up-to-date – you’ve got very diverse networks, you’ve got different owners of those networks and you’ve got reasons for not updating, for example, business purposes.

So often you see trailing patterns when it comes to patches. A patch is released and then it could be a month, two or even three months before the patches are deployed, and sometimes even never.

Source: Al Jazeera