A major cyber attack hit companies in Europe, the Middle East and the US on Tuesday, wreaking havoc for employees and customers alike.
The attack caused computers to stop working, instead displaying a ransom note demanding $300 (£235). The widespread attack affected global and national organisations including the Ukranian National Bank, British advertising firm WPP and logistics company Maersk.
What is ransomware?
Ransomware is a type of cyber attack that locks all digital files and demands payment in order for them to be returned. Computers that are infected with a ransomware virus become unusable save for displaying a ransom note.
It is difficult to recover files from a computer that has been infected with ransomware and victims are often advised not to pay the fee. If they do decide to they are advised that their information may not be returned fully and that it has been compromised.
What is Petya ransomware?
A variant of the Petya ransomware, which has been around for more than a year, was blamed for Tuesday’s global attack. Petya is a vicious form of the virus that locks a computer’s hard drive as well as individual files stored on it. It is harder to recover information from computers affected by this ransomware, which can also be used to steal sensitive information.
Cyber security experts Kaspersky Lab released a conflicting report that said the ransomware was not related to Petya but was in fact a new program it called NotPetya.
How does it differ from WannaCry?
Security experts said the program could have spread in a similar way to the WannaCry attack that hit hundreds of thousands of computers including the NHS earlier this year. Like WannaCry, Petya could have used Eternal Blue, a tool created by the National Security Agency and leaked online by the Shadow Brokers that exploits a problem in Microsoft’s software.
How widespread is the problem?
The attack hit around 2,000 computers in around a dozen countries including the UK, US, France and Germany. State-run and public organisations were affected, with the global advertising giant WPP and the Ukrainian National Bank both reporting problems.
The most affected country was Ukraine where the Chernobyl nuclear power plant systems were reportedly switched to manual as a precautionary measure.
Should I be worried?
Computers running the most recent update of Microsoft’s software should be safe from the attack. Users are advised to check they have installed the latest version of Windows and refrain from clicking on malicious links.
What to do if you’re a victim – should you pay the ransom?
Victims are advised to never pay the ransom as it encourages the attackers. Even if victims do pay there is also no guarantee that all files will be returned to them in tact.
Instead, the best thing to do is restore all files from a back up. If this isn’t possible, there are some tools that can decrypt and recover some information.
By Cara McGoogan
27 JUNE 2017 • 6:27PM
Source: Telegraph UK