Ransomware attack: After JNPT hit, Centre rushes cyber security advisor to Mumbai


Ransomware attack: After JNPT hit, Centre rushes cyber security advisor to Mumbai

Firms that were hit today include Russia's biggest oil company Rosneft, global advertising giant WPP Group and multiple institutions in Ukraine, including its central bank and an worldwide airport.

"Sophos is responding to a new variant of the Petya ransomware family that has affected organisations across Europe". The spy agency has not publicly said whether it built Eternal Blue and other hacking tools leaked online by an entity known as Shadow Brokers.

The company denied any accidental involvement with the attack on its Facebook page, but Microsoft, security firm Talos, and Ukraine's own national cyber security department pinned the blame on the software.

The virus is similar in its demands to the WannaCry ransomware, which swept the world last month, hitting more than 200,000 users in more than 150 countries.

"Due to the cyberattack, the website of the Chernobyl nuclear plant is not working", said Ukraine's exclusion zone agency which oversees the Soviet plant that exploded in 1986 and is now surrounded by an uninhabited contaminated zone.

For the moment, Ukraine has been the country most affected by the attack, which targeted the Kiev metro, the state-run Ukrenergo electricity company, the Ukrtelecom telephone company and several cell phone operators, among many other firms.

The "Petya" ransomware has caused disruption at firms across the USA and Europe including advertising giant WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. He said it bore resemblances to the previous "WannaCry" hack, but also showed indications of a "more sophisticated attack capability meant to exploit a range of vulnerabilities".

The ransomware is being called a more sophisticated version of the Petya malware that was used in an attack last spring.

Danish shipping giant AP Moller-Maersk said it was among the victims, reporting outages at facilities including its Los Angeles terminal.

Since appearing in Ukraine yesterday, Petya has infected tens of thousands of machines across at least 65 countries, according to a post on Microsoft's TechNet Malware Protection Center blog.

Tehan advised the affected computers should be isolated from the network to prevent the software spreading. At India's largest container port, one of the terminals was idled by the malicious software, which goes by a variety of names including ExPetr.

SingCert described Petya as "more risky and intrusive" than WannaCry; Petya encrypts the entire hard drive rather than each file individually.

Regular consumers who have up-to-date Windows computers are safe from this attack, experts say.

Important. Posteo, the email provider for the email address you're supposed to contact in order to get your decryption key, has already disabled the account.

That hunch was buttressed by the way the malware appears to have been seeded using a rogue update to a piece of Ukrainian accounting software - suggesting an attacker focused on Ukrainian targets. Logistics firm FedEx says deliveries by its TNT Express subsidiary have been "slowed" by the cyberattack, which had "significantly affected" its systems.

WPP is still reeling from the global ransomware attack that was unleashed Tuesday.