India is on the top 10 list of countries to be hit by Petya ransomware attacks, with the country faring worst while zooming down to the Asia Pacific (APAC), cyber security firm Symantec said in a blog post. Globally, India took the 7th spot with less than 20 organisations being affected as per the company’s analysis.

As of now, only two companies in India have reported the infections. These include Maersk’s control terminal in India which is located at Jawaharlal Nehru Port Trust (JNPT). UK’s WPP Group, an advertising and publishing company were also affected by the global cyber attack and subsequently, the company’s India unit has also been affected.

Update: An Economic Times report said that a user named Giriraj Deshpandey, filed a complaint with Thane police station (Mumbai) claiming that his system was taken over by the Petya ransomware. The complaint was filed against “unknown people”.

Here is what other security firms and media reports point out:

Initial targets: As per an initial Windows Security report, the first attacks were seen in Ukraine with more than 12,500 systems being affected globally in 64 countries. Other initial counties affected include Belgium, Brazil, Germany, Russia and the US.

Europe was the “worst” hit: As per ESET, Ukraine took 75% of the global share in terms of Petya attacks. Followed by Germany (9.06%), Poland (5.81%), Serbia (2.87%), Greece (1.39%) among other European countries. Rest of the world took 2.94% share globally.
Target companies and organizations: As per this Wordfence report, Ukrainian state’s power generation unit, Antonov Aircraft (Ukraine’s military cargo) and Kiev (capital of Ukraine) airport were the first targets. Chernobyl nuclear plant was forced to monitor their radiation levels manually, after their Windows systems were infected. Other companies include Maersk, WPP Group, Modelez (makers of Orea and Toblerone), Netherlands based shipping company TNT, St. Gobain (construction), Merck (pharmaceutical), law firm DLA piper, Heritage Valley Health System in US (hospital).

How it stacks up against WannaCry: More than 200,000 users in 150 countries were affected by WannaCry initially. The total number of users hit shot up to 300,000 within 3 days. Most affected countries include UK, Russia, China, India, among others. WannaCry demanded a ransom of $600, while Petya demanded a ransom of $300. However, both the ransomware attacks are developed differently, and even targeted differently.

Do not pay the ransom: Researchers

As we pointed out yesterday, Petya is more than a cyber-attack or just any other ransomware attack. It was targetted specifically to weaken systems belonging to huge organisations and companies. The Symantec report confirms that a Windows exploit called ‘EternalBlue’, which was first revealed in the NSA leaks in April this year, was the mode of infection for both Petya and WannaCry. The first instance of the infection was found in MEDoc, a legitimate tax and accounting software. The corporate software is widely used in Europe. After infecting the first system, it simply spreads to other systems in the network. Once infected, Petya shuts off your normal booting mechanism and instead boots a command prompt window, asking users to send $300 to a bitcoin address and consequently sending a confirmation mail wowsmith123456@posteo.net with a unique identifier.

But researchers are now warning users asking them not to pay. According to this Motherboard report, Posteo, the German email provider had shut down the above account associated with the attackers. In many instances, machines infected with Petya were not able to decrypt files, even after the ransom payment was made to the original attacker via bitcoins, reports The Verge. A Bitcoin address associated with the attacker (tip: TheVerge) shows that as of 10:24 IST, 46 successful incoming transactions have been made, with the latest transaction being made yesterday at 16:34 GMT.

Image Credits: Symantec, and ESET.

Corrigendum: An earlier version of the story referred to 20 “organizations” as 20 “systems”; this error has now been corrected to read as “20 organizations in India”. We apologize for the error.