30 June 2017 08:26:15 IST

India among top 10 victims of Petya ransomware attack

Ranked seventh in terms of number of victims

The worst fears of cyber experts have come true with the Petya ransomware attack rattling several countries, including India. Though experts and governments are yet to compile a list of attacks, internet security solutions firm Symantec has ranked India seventh in terms of number of victims.

In India, about 20 organisations have fallen prey to the ransomware; the figure is 140 in Ukraine and 45 in the US.

Giving a list of the top 20 countries that have been affected by the ransomware, Symantec said MeDoc, a tax and accounting software package, was used for the initial insertion of Petya into corporate networks. “MeDoc is widely used in Ukraine, indicating that organisations in that country were the primary target. After gaining an initial foothold, Petya uses a variety of methods to spread across corporate networks,” it said in an update on the attack.

Sivarama Krishnan, Partner, and Leader - Cyber Security, PwC India, asked users not to restart a machine if a critical system has an unexpected, sudden shutdown. “It might be infected. If you don’t restart the system, there is a possibility of recovering data using forensic methods,” he said.

Almost all cyber security firms and experts have one piece of advice — don’t pay the ransom as there’s no evidence of your files being restored.

Prime targets

According to Paladion Networks, the prime targets in the latest attacks are governments, harbour terminals, airports, electricity grids, banks, factories (mining and steel), insurance companies and pharmaceutical industries.

“For now, Petwrap (another name for Petnya) appears to be more sophisticated. The ransomware could be lethal as it encrypts the master boot record and hard drive, making it quite impossible to recover individual files once the entire hard drive is encrypted,” said Amit Jaju, Executive Director (Fraud Investigation and Dispute Services), EY India. While the total encryption process may take over an hour to complete, even a 10-minute window could be sufficient for the ransomware to make the entire hard drive unusable.

(With inputs from Venkatesh Ganesh in Bengaluru.)