Malware 'Petya' Creates Yet Another Need for Virus Protection
Another widespread cyberattack struck computer systems across Europe and the United States last week. This malware, named Petya, holds intruded computers and its stolen information for ransom in exchange for payment, much like last month’s WannaCry cyberattack. Among companies experiencing symptoms due to Petva included Danish shipping giant Maersk; Russian energy corporation Rosnef, French construction materials company Saint-Gobain, British advertising agency WPP, US drug company Merck, and multinational law firm, DLA Piper. Experts at computer security company Sysmantec reported that the new attack used a hacking tool that was stolen from the National Security Agency, which was also used in WannaCry and its newer version, Eternal Blue. A patch was released by Microsoft in April to address the operating system vulnerability targeted by Eternal Blue. Experts advised all companies and individuals to update and install the patch to protect their computers and networks from cyber intrusions. However, many failed to do so. “Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” Radware’s Vice President of Security Carl Herberger, explained to The New York Times. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”
Simply installing updates of both operating systems and antivirus software may not be enough anymore, advised Chris Hinkley, a researcher at security firm Armor, to The New York Times. In fact, he stated that the Petya attacks could be worse than WannaCry because this version of ransomware encrypts and locks entire hard drives, rather than a user’s individual files. Only 16 out of 61 endpoint antivirus software packages are able to detect this type of ransomware, according to virus analysts VirusTotal. It is becoming increasingly important for companies to invest in more cybersecurity products, such as cyber risk assessment products and cyber insurance, to mitigate the risks in case their operating systems and networks fall prey to any cyberattacks in the future.