Petya cyberattack: WannaCry malware successor paralyses Mumbai Port
- Petya is believed to have originated in Ukraine and has heavily affected Ukraine government banks and electricity grids
- The largest container port, Jawaharlal Nehru Port Trust in Mumbai, has been largely affected by the ransomware
- The current ransomware asks for $300 in bitcoin as ransom and is known to not unlock the system even if the payment is made
- Here’s what you need to know about tackling Petya ransomware
The government on Tuesday confirmed that one of the terminals at the JNPT port has been impacted by the latest malware attack, globally called Petya.
"The (shipping) ministry has confirmed that one terminal at JNPT has been affected due to the attack at Maersk's Hague office," an official said, adding that the government will share a report or a statement.
Maritime conglomerate Maersk group confirmed that its operations were hit by the cyber attack. "We can confirm that on Tuesday, June 27, AP Moller-Maersk was hit as part of a cyber attack named Petya, affecting multiple sites and select business units," Maersk said in a tweet.
Petya is also ransomware. It first appeared in 2016 but has come back in a more virulent form this year. It is believed to have originated in Ukraine and has heavily affected Ukraine government banks and electricity grids, but companies across Europe and the USA have also been hit.
According to foreign media reports, some computer screens and files are not being unlocked despite payment of the $300 ransom.
Coming back to the Mumbai port which has been hit:
Operations at the terminal of the nation’s largest container port Jawaharlal Nehru Port Trust (JNPT) were impacted on Tuesday night as a fallout of the global ransomware attack Petya, which crippled some central banks and many large corporations in Europe.
AP Moller-Maersk, one of the affected entities globally, operates the Gateway Terminals India (GTI) at JNPT, which has a capacity to handle 1.8 million standard container units.
"We have been informed that the operations at GTI have come to a standstill because their systems are down (due to the malware attack). They are trying to work manually," a senior JNPT official told PTI.
HOW IS JNPT HANDLING THE SITUATION?
The official explained that JNPT is trying to help the company, but there is little that others can do as the problem is with the systems. Fearing some clogging up of cargo, additional parking space is being made available, the official said, promising to help in any possible manner. The Hague-based APM Terminals also operates the Pipavav terminal in Gujarat.
WHAT YOU NEED TO KNOW ABOUT PETYA?
The current attacks come weeks after the WannaCry ransomware attack, which affected systems of many companies.
Petya is malicious software that spreads using EternalBlue, exploit code for a vulnerability in Microsoft Windows, or through two Windows administrative tools. It is suspected to be even more advanced than WannaCry.
The Ukrainian Cyber Police has been continuously tweeting solutions and suggestions to those affected. The Cyber Police say they are working together with leading cyber security experts to decrypt the ransomware.
- Noting the different time zones in which the attack took place, CyberpoliceUA said that the block took place within 3 hours of a specified time.
- Their data claims that once a person restarts the affected system was configured by the virus developer at 14.35.
- Once activated, the virus will automatically and freely distribute itself across the network of the affected computer.
HOW YOU NEED TO TACKLE PETYA
The ransomware is targeting old and vulnerable IT systems, especially those exposed to EternalBlue. Microsoft has already released patches to protect against this vulnerability.
Get your system backup in order
If you work with highly confidential files or have important information stored on your system, it is wise to make a backup, so that you don't need to pay the ransom because you already have all your files.
Make sure your IT network and computer are well protected
Check your firewall protection and anti-virus updates; they can help alert you if malware is trying to access your files.
Avoid clicking on suspicious links
In the first place, do not click on any link which looks suspicious, even though it may be sent from your bank, colleague, or family member. Anything which prompts you to download extra software or a link should be avoided.
When you are using public Wi-Fi, be careful not to do any private banking transactions or confidential paperwork.
ORIGIN OF PETYA
Moscow-based cyber security firm Group IB traced the origins of the malware and the hackers to code developed by the US National Security Agency (NSA), which was leaked and then used in the WannaCry ransomware attack that caused global disruption last month, according to an AFP report.
The malware includes far more threats than WannaCry, making it potentially tougher to fight.
Like the original ransomware, known as WannaCry, EternalRocks uses an NSA tool known as EternalBlue to spread itself from one computer to the next through Windows.
The global wire quoted a Ukrainian media company, which was hit, as saying its computers were blocked and it had received a demand for USD 300 worth of the Bitcoin cryptocurrency to restore access to its files.
SPREAD OF PETYA
An AFP report quoting the Ukrainian central bank said a cyber attack hit several lenders in the ex-Soviet republic, hindering operations and leading the regulator to warn other financial institutions to tighten security measures.
Foreign media reports from the Netherlands capital The Hague, quoting the public broadcaster RTV Rijnmond, said a new ransomware virus called Petya has hit 17 APM terminals, including two in Rotterdam and 15 in other parts of the world. APM Terminals is a subsidiary of shipping giant Maersk, which has confirmed that it is suffering from a cyber attack.
Firms that were hit include Russia’s biggest oil company Rosneft, global advertising giant WPP Group and multiple institutions in Ukraine, including its central bank and an international airport. Other major firms across the world that have taken the hit include Cadbury, Saint-Gobain and more.
Even in the case of the Chernobyl reactor, the radiation monitoring system was taken offline, forcing employees to use hand-held counters to measure levels.