KUALA LUMPUR: The sophistication of ransomware NotPetya outstrips that of the earlier WannaCry, according to cybersecurity experts.
It capitalises on the same vulnerabilities as WannaCry but is more potent than its counterpart, which held the cyberworld hostage last month.
The outbreak, which began late Tuesday, was reported to have infected government agencies, banks and state power utilities in Ukraine, as well as an international advertising agency based in Britain.
Other prominent victims include international shipping firm Maersk, F&B giant Mondelez International, Russian oil and gas company Rosneft, and the Indian unit of pharmaceutical company Reckitt Benckiser.
Security company Kaspersky Lab said about 2,000 systems worldwide were affected, although local cybersecurity firms claim that NotPetya has yet to hit Malaysia.
C.F. Fong, founder of Malaysian cybersecurity firm LGMS, said that unlike WannaCry, which encrypts files on devices, NotPetya locks up the Master File Table, preventing access to the entire hard drive.
“This makes it more potent and dangerous than WannaCry,” he said.
Once their systems are hit, victims cannot access the files and the attackers demand a ransom of US$300 (RM1,290) in Bitcoin to unlock the affected system.
International cybersecurity firm FireEye’s head of global media relations Patrick Neighorn pointed out that the malware was smart enough to extract credentials such as usernames and passwords from a machine and use them to infect other computers in the same network.
“It is quite a sophisticated tool,” he said in a telephone interview.
FireEye’s systems have detected attacks in Australia, the United States, Poland, the Netherlands, Norway, Russia, Ukraine, India, Denmark and Spain, he added.
However, he said its global impact has been “overstated”.
“It is quite targeted in Ukraine,” Neighorn said, adding that it was hard to say if the outbreak would escalate to WannaCry’s level, where reportedly more than 230,000 computers in over 150 countries were infected.
Local cybersecurity firm Netmarks Technology (Malaysia) Sdn Bhd issued an advisory to all its clients, mainly in the logistics, retail and manufacturing sectors, to keep their Windows operating system as well as their antivirus solutions updated to the latest patch.
Its sales director Simon Khoo said no client had reported any infection yet.
According to global management consulting firm Accenture, the attackers claimed to have received more than US$8,000 (RM34,400) so far.
Accenture also reported that the e-mail address to which the victims were asked to send proof of payment had been shut down by Posteo, the German e-mail provider.
Like WannaCry, NotPetya used a vulnerability in Microsoft Windows called EternalBlue for its attack.
The EternalBlue exploit was said to have been developed by the US National Security Agency.
Legacy Windows operating systems such as Windows XP and older did not receive regular security patches from Microsoft, and enterprises that relied on them easily fell victim to ransomware.
Most security firms advised users to update their Windows PCs with the latest security patches, and install reliable security software.
They also recommended users have multiple up-to-date backup copies so that infected PCs could be easily restored.
Microsoft released a patch in March to protect against the vulnerability on its Windows XP system.
Earlier this month, it issued more patches for older Windows systems, citing the “elevated risk for destructive cyberattacks”.
FireEye’s Neighorn noted that consumer options were “limited”, unlike big businesses with more resources at their disposal.
“The usual advice applies, such as not clicking on suspicious e-mail attachments, and to ensure your software is up to date.
“The important thing is to make sure you have backup data stored offline, which can be used to restore your data in the event of infection,” he said.