Petya cyber attack causes turmoil across the globe

A massive ransomware attack has hit computers and servers across the globe, causing turmoil in its path. Here’s what we know so far.

How did it start?

The attack first shut down operations in Russia — including at Russia’s biggest oil company — and Ukraine before spreading to computers in Romania, the Netherlands, Norway, France, Spain, and Britain.

In a matter of hours, the attack had gone global, hitting the US and India.

Now, it’s understood some businesses in Australia — including the Cadbury chocolate factory in Hobart — are also affected.

How does it work?

It’s believed the latest attack might be a ransomware virus called Petya, hidden in an innocuous document sent through email.

It freezes a user’s computer until a “ransom” is paid in the virtual currency bitcoin.

The attack seemed to be in Europe and Russia, and reaching the US.

“It spreads apparently by having a ‘bad’ instruction — like a small piece of computer code — hidden inside a Word or PDF document,” Professor Slay, director of the Australian Centre for Cyber Security at UNSW, said.

“This bad instruction attacks a Windows operating system basically taking over a computer — in this case it seizes the files and encrypts them and then the bad guys ask for money to decrypt — this means you cannot open or read your own files.”

It has also been suggested that the attack used the same tactics as the WannaCry attack last month. The source is still unknown. And even if people pay a ransom through bitcoin, it’s virtually untraceable.

“It is being suggested that the roots of this are in the Ukraine,” Professor Slay said.

“This is the kind of issue that investigators have determined from the fact that original accompanying emails are written in Russian and Ukrainian.”

Will this latest attack have ramifications for businesses and should they pay the ransom?

Professor Slay said it remained to be seen whether they should pay up.

“We don’t know whether they really do decrypt if the price is paid,” she said. She said that even if they haven’t been hacked, businesses should do their due diligence and be prepared.

“They should update all Windows systems if not updated and make sure all critical files are backed up,” she said.

“Businesses should also have a look at control systems which may not get fast updates since this virus seems to be attacking control systems [electricity, transport etc].”