The Petya Ransomware

Published on: | by

In March 2017, the WannaCry ransomware attack occurred which was believed to be one of the largest ransomware attacks in history. Discussions of this past attack and who should take the blame has been previously discussed in our blog and newsletter. Now, just a few months later there has been another major cyberattack. At the end of June 2017, another large ransomware attack occurred, which has been called Petya. This ransomware attack is similar to WannaCry in that it locks up the computer files using encryption and demands a ransom in order to unlock the files. This ransomware also takes advantage of the vulnerability within the Microsoft Windows computers that have not yet updated to the latest software.

This attack began in Europe and spread to the United States. The North American Treaty Organization (NATO) says that a “state actor” was behind the Petya ransomware attack. NATO also stated that there is a possibility that the attack was not done by a state actor, but that it would have been done by a non-state actor who had the approval and support from another state. They believe this because Petya was very complex and expensive to run.  According to NATO, if it is found that Petya was done by a state actor, then it would mean that this cyberattack could potentially be viewed as an act of war.

The Petya attack has hit over 12,000 different devices in 65 countries. More than 30% of the institutions that were affected by this attack were financial organizations.  Industrial organizations, such as, utilities, oil and gas, transportation, and other companies were also targeted and it is believed that they made up half of the targets.

Although, the Petya ransomware locked down computers and asked for a ransom, the amount that they have received has not been very much. The current estimates indicate they have only been paid 3.99 Bitcoins, which is equivalent to approximately $10,284 at the current price. This leads NATO to believe that the cybercriminal’s main objective was not to just extract a ransom from people. This has led cybersecurity research analysts, including, Tyler Moffitt to believe that the main motive behind this ransomware was “wreaking the maximum amount of disruption to Ukrainian infrastructure, while merely operating under the guise of ransomware.”

In order to protect themselves, consumers need to try and ensure their devices are on the most updated version of software. By having the most current software, devices are much less vulnerable to cybersecurity attacks and breaches. It is also important to keep data backed up frequently to either an external hard drive or to a cloud service provider. By backing up your data, if you experience a ransomware attack you can easily restore your data from the backup without having to worry about paying the ransom. Approximately 47% of individuals who pay to get their data back actually end up having their data returned. This really illustrates the importance of keeping backed ups because it’s the best way to ensure you can get your data back if you fall victim to a ransomware attack.

At our law firm, we assist clients with legal issues related to internet, technology, and cybersecurity.  Please contact us to set up an initial consultation.