After WannaCry comes Petya, big companies still under attack

New ransomware attack across Europe. Companies from Ukraine, Russia and Spain and possibly Italy are affected. Here’s how to defend yourself

The world is shaking again. After WannaCry, the terrible ransomware that in a few days hit more than 300,000 computers, in the past few hours the computer systems of many companies have come under attack once more. The new virus, Petya, started in Ukraine and quickly spread to other countries.

According to the initial analysis by experts in the field, Petya is a ransomware, i.e. a virus that blocks access to a computer's data and demands a ransom to give it back. In the case of Petya, the hackers demanded $300 (just over 250 euros) from users, to be paid in bitcoin. For the moment, Ukraine is among the most affected countries, with the computer systems of the government, the Central Bank, the airports and the Kiev subway completely blocked.

According to information coming from the Eastern European country, the Chernobyl power plant is also reported to have been hit by the Petya ransomware, but at the moment no problems or malfunctions have been reported. And in Italy? The information is conflicting: some IT security companies report that no device in Italy has been affected by the new malware, while others warn that some Italian companies could be among the first victims of Petya.

How Petya attacks

The modus operandi of Petya is typical of a ransomware attack: it encrypts the data on the infected machines and asks for a ransom in exchange. According to infected users, the hackers, who remain unnamed, demand a payment of $300 in bitcoin for each affected machine. The virus used the same "ploy" to infect computers as WannaCry, the hacker attack that affected nearly 300,000 devices in May. The hackers exploited a flaw in the Windows SMB protocol, the network protocol used by computers and printers to communicate with each other. If the virus manages to infect the main computer of a company's network, it brings down all the company's PCs.

Initial analysis by cybersecurity companies suggests that the hackers used EternalBlue to infect company computers. For those who don't know, EternalBlue is a cyber weapon developed by the NSA (the U.S. National Security Agency) that was stolen last year by a group of Russian hackers. The same cyber weapon was also used in the WannaCry attack.

A very dangerous ransomware

Petya is a very dangerous virus. Very few antivirus programs are able to detect it, and once it starts working it encrypts the computer's entire hard disk rather than individual files, making it impossible to restart the device.

What is Petya

Experts in the field know Petya very well; the virus has already hit many computers in past years. But in this new attack the hackers are using a new version of the ransomware that makes it much more powerful and almost impossible to stop. So much so that Kaspersky Lab reported that the attack was not carried out with Petya at all, but with a new, previously unknown ransomware.

The whole world under attack

Like WannaCry, the new ransomware campaign seems unstoppable and grows by the minute, overwhelming public and private companies. In addition to Ukraine, Russia and Spain are also among the most affected nations. Also falling into the ransomware trap are the Danish company Maersk, active in maritime and naval logistics, and the pharmaceutical company Merck. In Rotterdam, in the Netherlands, the authorities were forced to close part of the commercial port.

For the moment, the news in Italy is conflicting, but in a few hours more will be known.

Who carried out the attack

The attack originated in Ukraine and then spread throughout Europe. The companies caught in the new ransomware's trap had already been hit a few years ago by Russian hackers, and it is very likely that Russian hackers are behind the attack on this occasion too.

Unable to pay the ransom

To collect the ransom in bitcoin, the hackers had created an e-mail address on a German site that does not require personal data to open a mailbox. After news of the hacker attack spread, however, the German company blocked access to the hackers' email address, making it impossible to pay the ransom. Those who have already paid will not receive the key to decrypt their data.

How to defend yourself against the hacker attack

Since it is not yet known exactly how the new ransomware works, it is impossible to work out a defensive strategy. But you certainly should not pay the ransom demanded by the hackers: you would be funding an illegal activity and the development of new viruses. For the moment, the only option is to wait and hope that a cybersecurity company manages to stop the attack.

The only tool in users' hands is prevention. As we have seen, the ransomware exploits a flaw in a Windows protocol: the Redmond company had already fixed this problem in March, but unfortunately a great many users had not installed the update. Very often, a little attention and a few simple rules are enough to defend yourself:

  • Keep your operating system and antivirus constantly updated
  • Do not click on links that come from people you do not know or do not consider trustworthy
  • Do not click on suspicious advertising banners
  • Do not open e-mails from strangers
  • Do not download attachments you do not consider safe
  • Back up your data regularly so that you are always safe
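As a practical companion to the first and last of these rules, the following PowerShell script is an added example and is not code from the article or from any security vendor it mentions. It audits whether the SMBv1 protocol the article describes is still enabled on a Windows machine, turns it off if so, and reports how long ago the last Windows update was installed. It assumes Windows 8.1 or Windows 10, where the SMBv1 component is the optional feature named SMB1Protocol (on Windows Server the equivalent is the FS-SMB1 feature, handled by Remove-WindowsFeature), and an elevated PowerShell session; the 30-day threshold is an arbitrary choice for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article): audit and close the SMBv1
# exposure the article describes. Assumes Windows 8.1/10 client editions
# and an elevated session.

function Get-Smb1Status {
    # Server-side SMB settings: EnableSMB1Protocol is the switch that matters here
    $server = Get-SmbServerConfiguration
    # The optional feature that ships the SMBv1 driver itself
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    [pscustomobject]@{
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = $feature.State
        Smb2Enabled       = $server.EnableSMB2Protocol
    }
}

function Disable-Smb1 {
    # Turn off SMBv1 on the server side without prompting
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the SMBv1 component; a later reboot completes the removal
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

function Get-LastUpdateAgeDays {
    # Days since the most recently installed hotfix; a large value suggests
    # the March fix the article refers to has not been applied
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1
    if (-not $latest) { return $null }
    return (New-TimeSpan -Start $latest.InstalledOn -End (Get-Date)).Days
}

$status = Get-Smb1Status
$status | Format-List

if ($status.Smb1ServerEnabled -or $status.Smb1FeatureState -eq 'Enabled') {
    Write-Warning "SMBv1 is enabled on this host; disabling it."
    Disable-Smb1
} else {
    Write-Host "SMBv1 is already disabled."
}

$age = Get-LastUpdateAgeDays
if ($null -eq $age) {
    Write-Warning "No hotfix install dates found; check Windows Update manually."
} elseif ($age -gt 30) {   # 30 days is an illustrative threshold, not a standard
    Write-Warning "Last update was installed $age days ago; run Windows Update before reconnecting this machine to the network."
} else {
    Write-Host "Last update installed $age days ago."
}
```

Run it from an administrator PowerShell prompt on each workstation; the feature removal takes effect after a reboot, and the script is deliberately read-mostly, changing only the SMBv1 setting so it can be pushed out safely through a login script or management tool.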