The global ransomware attack on Danish logistics and container transport firm Maersk has affected its control terminal in India, which is located at Jawaharlal Nehru Port Trust (JNPT) in Mumbai. As per a government statement, the private terminal assigned to Maersk has been affected by a ransomware attack, and not its domestic terminals. This means that the cyber attack was not targeted at the Mumbai port, but was merely a consequence of hackers targeting Maersk’s global operations.
A Reuters report pointed out that Maersk’s computer systems were hit by the global Petya cyber attack, delaying shipments and order processing systems. Around 76 terminals run by the conglomerate at different ports have been affected, including in the United States, India, Spain and the Netherlands. Petya ransomware largely swept Europe this week and, as per media reports, Petya does more than hold data to ransom and collect money.
Apart from this, UK’s WPP Group, an advertising and publishing company, was also affected by the global cyber attack, and it seems the company’s India unit has also been affected. Employees at WPP-owned offices in India (GroupM, Maxus, Mindshare, Mediacom, MEC, JWT India, O&M, and Genesis BM) have received warning messages today asking them to turn off all Windows-operated computers, according to Economic Times.
Petya is more than a ransomware: Researchers
According to a Securelist report, Petya encrypts files on a computer and asks the user to pay $300 in ransom to receive decryption keys. It was originally discovered in May 2016 by Kaspersky Lab. It not only encrypts data, but also overwrites a hard disk drive’s master boot record (MBR); this means infected PCs cannot boot their original operating system and instead run malicious code that displays a command window. The report adds that Petya is more than ransomware: it is a tool which can be classified as a “Ransomware-as-a-Service” model.
Hackers simply put their malicious code in packaged software or an online product which is already running on machines. This is done using a Windows exploit called ‘EternalBlue’. Once a machine is infected, the malware spreads and distributes itself to neighbouring networks and PCs. The nature of this cyber attack has raised eyebrows since there is a possibility that hackers are not only seeking profits in the form of ransom, but also destroying files.
In many instances, files on machines infected with Petya could not be decrypted, even after the ransom payment was made to the original attacker via bitcoins, reports The Verge. A Bitcoin address associated with the attacker (tip: The Verge) shows that as of 12:30 IST, 45 successful incoming transactions have been made. A total of 3.99009155 bitcoins were received by the attacker, which translates to just over $10,000. The Securelist report also points out that hackers using Petya placed “protection mechanisms” into their malware (software pretending to be legit) to stop other hackers from duplicating the malware code.