Singapore authorities issue alert on Petya ransomware

The country’s emergency response team has called for users to boost their cyber defences as the Petya ransomware rages through IT systems in Asia and Australia

Singapore’s computer emergency response team (SingCert) has issued an alert in response to the Petya ransomware attack that has affected organisations around the world.

In a statement today, SingCert said Petya is more dangerous and intrusive than the WannaCry ransomware, as it encrypts critical system files and prevents victims from booting up unless a ransom is paid.

Petya also takes advantage of the EternalBlue exploit that targets the Windows server message block (SMB) vulnerability, for which a patch has been made available by Microsoft since March 2017.

SingCert said Petya is distributed via spam emails that contain “booby-trapped” Microsoft Office documents, which, once opened, download and run the Petya installer and execute the SMB worm to spread to other computers.

SingCert advised all users and companies with affected systems to ensure that their Windows operating systems are fully patched.

It also called for users to ensure that their anti-virus software is updated with the latest malware definitions. They should also perform file backups and store them offline in case they need to restore their systems following an attack, it added.

In Asia, operations at India’s largest container port, Jawaharlal Nehru Port, were affected by the latest ransomware attack, according to Indian news agency Press Trust of India.

The port is operated by AP Moller-Maersk, which has acknowledged that the attack had affected IT systems across multiple sites and business units.

“We are responding to the situation to contain and limit the impact and uphold operations,” it said. “We continue to assess and manage the situation to minimise the impact on our customers and partners.”

A Cadbury chocolate factory in Australia was reportedly hit as well, with production grinding to a halt, according to news reports.

The Australian Cyber Security Centre said it is working to confirm reports of two affected companies in Australia and that it is reaching out to offer assistance. “We are working with our international counterparts to understand the scope and impact,” it said.

If the earlier WannaCry attacks are any indication, the Petya ransomware could potentially be spread worldwide within the next 72 hours, according to a spokesperson from Singapore-based backup software company Acronis.

The rise of ransomware as a service

He added that the Petya variant of ransomware also underscores the rise of ransomware as a service.

“While there is still some debate as to whether it is a variant of Petya, GoldenEye, or a new version of WannaCry, we can be sure that it was definitely not from the original author of the Petya variant of ransomware. This means hackers actually purchased the source code and used the models to create the attack,” he said.

“While the potential payouts from victims can amount in the millions, the actual ransomware is incredulously cheap, between $50 to $150, depending on per usage or the actual ransomware source code. The authors then offer their ransomware on the dark net, and offer a generous portion of the paid ransom amount to potential distributors, while the author pockets the rest,” he said.
