India has been the worst-hit country in Asia and the seventh most affected country overall in the Petya ransomware attack that disrupted systems across the globe, according to security firm Symantec. Ukraine tops the list as the worst-affected country, followed by the US, Russia, France, the UK, Germany and India.
Petya has been in existence since 2016. “It [Petya] differs from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR),” Symantec wrote in a blogpost.
The new malware is suspected to have links to the earlier WannaCry ransomware attack.
According to Symantec, the outbreak may have started through corrupted updates to MEDoc, a piece of Ukrainian tax-filing software. “After gaining an initial foothold, Petya then uses a variety of methods to spread across corporate networks,” wrote Symantec.
In a separate blogpost, Microsoft also confirmed that some of the initial infections occurred when malware was transmitted to users of a Ukrainian tax software programme called MEDoc.
However, MEDoc denied the claims in a Facebook post, saying, “Team MEDoc development denies this information and claims that such a conclusion - clearly erroneous because MEDoc developer, as a responsible supplier of software, monitors the security and cleanliness of your own code.”
Symantec said that Petya has the ability to self-propagate, and that it does this by building a list of target computers and using two methods to spread to those computers: IP addresses and credential gathering.
Symantec recommends that users not pay the ransom, particularly as there is no evidence that files will be restored, and that they keep their Windows software updated.