After WannaCry, the Petya ransomware attack is wreaking havoc across the world. Europe, US and India are the countries which have been affected the most. While Ukraine has been the worst affected globally, India has borne the brunt in Asia.
Due to Petya ransomware, the India operations of German personal care company Beiersdorf AG, and British consumer goods company Reckitt Benckiser have been hit, as per reports. The ransomware has also halted work at one of the terminals at India’s largest container port, Jawaharlal Nehru Port (JNPT) off the east coast of Mumbai. The government said that one of the terminals at the JNPT port has been impacted by the malware attack. “The (shipping) ministry has confirmed that one terminal at JNPT has been affected due to the attack at Maersk’s Hague office,” an official said to PTI. This terminal is operated by Danish shipping giant AP Moller-Maersk, which is still struggling with the cyber attack and has seen its systems crash. Accounting for more than half of the total container volume across 12 public ports, Jawaharlal Nehru Port also handles around 40 per cent of the nation’s overall containerized ocean trade.
Another private port operator, APM Terminals Pipavav, has partially been hit by the malware. Top IT security firms have warned that Petya could be particularly potent as it uses multiple techniques to automatically spread in a network soon after the first system is infected.
Researchers have said that the Petya is not really a ransomware, rather it is a wiper. The main aim of the malware is to delete all data, including data on the first sectors of the disk where the information about the operating system is usually stored. The idea with this attack was to cause massive destruction of data, not to make financial gains. Kaspersky has reported that the hackers have no way of decrypting the data.
The Petya attack is believed to have started via MEDoc, which is a tax and accounting software package in Ukraine. According to reports, Ukraine’s oragnisations were the main targets of this malware,but later it spread to other countries. Symantec says Petya is a worm and has theability to self-propagate. “It does this by building a list of target computers and using two methods to spread to those computers,IP address and credential gathering,” says the research firm’s blogpost.
Some research firms have confirmed that the data cannot be recovered, as this program is a wiper, not a regular ransomware.