Begin typing your search...

    Ransomware 'Nyetya' behind new global cyber-attack: Cisco

    The new cyber attack started massively affecting dozens of companies and institutions in the world, beginning with Russia and Ukraine on Tuesday, and now spreading to Asia and Australia on Wednesday.

    Ransomware Nyetya behind new global cyber-attack: Cisco
    X
    Screenshot of a system compromised by Nyetya

    Other City

    The computer virus that is affecting companies and institutions around the world is a new variant of ransomware called Nyetya -- WannaCry's bad cousin -- according to networking and security major Cisco.

    The malware has three mechanisms used to propagate once a device is infected:
    * EternalBlue - the same exploit used by WannaCry.
    * Psexec - a legitimate Windows administration tool.
    * WMI - Windows Management Instrumentation, a legitimate Windows component.
    Cisco's Talos cyber security division reported that its research shows that this strain of computer virus "uses the same Eternal Blue exploit - a vulnerability used by the US National Security Agency (NSA) - and other weaknesses of Microsoft's operating system to spread", Efe news reported. 
    Nyetya is also very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them, said Talos cybersecurity executive Craig Williams.
    However, in the case of the virus emerging on Tuesday, which is quite "different" from the Petya virus, its infection "will spread very quickly if the 'bad guys' behind it decide to do so," Williams said.
    On Wednesday, several companies in the Asia Pacific region, like the Mondelez owned Cadbury chocolate factory in Hobart, Tasmania, and the global law firm DLA Piper were affected.
    The Hong Kong website of DLA Piper published an important note to clients saying "We are currently dealing with a serious global cyber incident" adding that "we have taken down our systems as a precautionary measure which will mean you are currently unable to contact us by email or landline."
    According to Cisco, Nyetya is "WannaCry's bad cousin" and "initial vector identification has shown that the virus is more defiant."
    Williams ruled out that "an e-mail vector" was the initial propagation factor. Some of the affected companies and institutions have claimed that the virus has disabled their e-mails and, therefore, prevented them from contacting the cybercriminals to recover their information after their computers were disconnected.
    The threat does not have "a known, viable external spreading mechanism - such as the Internet," so "it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc", according to Williams.

    Visit news.dtnext.in to explore our interactive epaper!

    Download the DT Next app for more exciting features!

    Click here for iOS

    Click here for Android

    migrator
    Next Story