The first infections in Ukraine — more than 12,500 machines encountered the threat. - Microsoft
The United States Computer Emergency Readiness Team (US-CERT) has issued an alert about the ransomware Petya, which is infecting computers around the world. Petya is a type of malware that is taking the world by storm by encrypting files and demanding a payment in bitcoins in order to restore them.
A spokesperson from Microsoft has stated, "We saw the first infections in Ukraine — more than 12,500 machines encountered the threat. We then observed infections in another 64 countries, including Belgium, Brazil, Germany, Russia, and the United States." It is widely speculated that the ransomware Petya is a new variant of an older attack that initially appeared last spring.
Traces of the initial infection can be followed back to Ukrainian accounting software from a company called M.E.Doc. Microsoft also cites "evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process."
Petya is still active, affecting ATMs and airports in Ukraine and halting international business. It is very reminiscent of the ransomware WannaCry, which debuted in the past month and wreaked havoc in more than 150 countries. Both are ransomware that demand a payment of $300 in Bitcoin in order to recover encrypted files.
Cybersecurity experts around the world are racing to discover a method of stopping Petya, as there is no known kill switch. Until then, it is recommended that infected users refrain from paying the ransom, as paying increases the likelihood of these attacks occurring again in the future.
The Department of Homeland Security has released the following statement on their website:
"US-CERT has received multiple reports of Petya ransomware infections in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3)."