A new form of ransomware called Petya has attacked company computers at a number of major business, reaching the Ukraine, Denmark, France, Poland, Germany, Russia, Italy, the United Kingdom and the United States.
Among some of the companies effected are worldwide advertising agency WPP and Russian oil and steel firms Evraz and Rosneft. They, along with the others infected, were given a ransom demand of $300 to be paid via Bitcoin.
In spite of its wide reach experts say this is not an experienced or sophisticated scammer. The ransomware is basic, and the amount of money that has been asked for is significantly lower than would be expected for such large targets.
However, through sheer luck it has spread and infected prominent networks which make it a massive security threat to the businesses touched. Some paid the ransom to regain access. But that option has been removed after Posteo, the email provider where the scammer was operating the address fro, shut down the account.
Locked and Loaded
Ransomware has become a common form of malware in the last several years. Targeting computers through a network it will lock it down and display a screen. This screen demands a certain amount of money in order to receive an encryption key to unlock the network for use again.
Individuals are most likely to be targeted, as it is a simple way to ensure the ransom is paid. A bad .exe file will be downloaded through a popup or download link, and an email or phone number will be provided where the individual can contact the person to pay the ransom. When this happens it is easier to eliminate the virus, as only a single computer has been infected.
However, in the case of business networks there is an infection along multiple lines. Getting rid of the malware can be difficult at best, and in the meantime can cause massive disruptions to day to day work tasks, customer accounts, and other important sectors.
This is an increasing worry to cybersecurity experts, who point to past attacks that have had devastating impact on businesses that were targeted. It isn’t just about the initial attack, but the downtime while the malware is either removed, or the ransom is paid and the key is entered to remove it.
There is also a cost to reputation and brand trust, as customers worry about their data following a cyberattack.
Source: NY Times