The cyber-attack spreading from Russia and Ukraine to Europe and the US is “more dangerous and intrusive” than WannaCry, the ransomware that debilitated FedEx and Britain’s National Health Service, Singapore’s Computer Emergency Response Team (Cert) has warned.
The NotPetya ransomware hampered Russia’s biggest oil company Rosneft, Ukraine’s banks, shipping company Maersk and the advertising agency WPP. The New York Times reported that the law firm DLA and health-care provider Heritage Valley Health Systems were also suffering from the virus.
Staff at Ogilvy and Mather Group Singapore, Cohn and Wolfe Singapore and Fitch Design Singapore were reportedly told not to turn on their office computers, with some being forced to work from home.
“Businesses and the public are advised to fully patch their Windows systems, update their anti-virus software, back up their files offline and not to click on suspicious links or attachments,” Cert said.
Cert alerted the city-state on Tuesday to the dangers of NotPetya, which was inspired by WannaCry. The agency warned that NotPetya encrypted whole computer hard drives rather than individual files and applications, which was how WannaCry operated.
The name NotPetya comes from the fact that it shares code with an earlier ransomware strain called Petya, but it was “a new ransomware that has not been seen before”, said security researchers at Kaspersky Lab.
The authorities said there were no reports of the virus affecting Singapore yet.
None of Singapore’s 11 critical information infrastructure sectors or government agencies were affected, the government said. But tech specialists warn that the worst is not over, with systems worldwide still getting infected.
“The Singapore government is closely monitoring the global situation. GovTech [the Government Technology Agency] has put in place a range of measures which minimises the likelihood of government systems being infected by malware, including ransomware,” the authorities announced.
NotPetya attacks computers running Microsoft’s Windows by encrypting hard drives and overwriting files, with US$300 in bitcoin payments required to restore access.
Cert said the ransomware was based on the EternalBlue exploit, which was also used by WannaCry and was suspected to have been stolen from the US National Security Agency and released by the hacking group known as the Shadow Brokers.
“Petya spread via email spam with booby-trapped [Microsoft] Office documents. The documents, once opened, will download and run the Petya installer and execute the Server Message Block worm to spread to other computers,” Cert warned.