Date: 2017-06-28

SINGAPORE: The international cyberattack, currently spreading from Russia and Ukraine to Europe and the US, is "more dangerous and intrusive" than WannaCry - the ransomware that hobbled institutions such as FedEx and Britain's National Health Service, the Singapore Computer Emergency Response Team (SingCERT) said on Wednesday.

The Petya ransomware disrupted computers at Russia's biggest oil company Rosneft, Ukrainian banks, as well as global firms such as shipping company Maersk and advertising agency WPP. The New York Times reported that in the US, multinational law firm DLA Piper and Pennsylvania healthcare provider Heritage Valley Health Systems were hit by the virus.

In an advisory posted on its website on Wednesday, SingCERT said it was alerted on Tuesday to the global spread of Petya, which is inspired by WannaCry. It is more dangerous and intrusive as it is programmed to encrypt the Master File Tree tables for NTFS partitions and overrides the Master Boot Record (MBR) with a custom bootloader to display a ransom note and prevents victims from booting up, it said.

In other words, Petya encrypts the computer's entire hard disk, rather than individual files and applications, which was how WannaCry operated.



The ransomware crippled computers running Microsoft's Windows system by encrypting hard drives and overwriting files, then demanded US$300 in bitcoin payments to restore access.



SingCERT said the latest ransomware is based on the EternalBlue exploit, which was also used for WannaCry. The exploit is widely believed to have been stolen from the US National Security Agency and released online in March by the hacking group known as the Shadow Brokers.

"Petya spread via email spam with booby-trapped (Microsoft) Office documents. The documents, once opened, will download and run the Petya installer and execute the Server Message Block (SMB) worm to spread to other computers," SingCERT said.



It added that the following Microsoft operating systems are currently suspected to be vulnerable:

Windows 10

Windows RT 8.1

Windows 8.1

Windows 7

Windows XP

Windows Vista

Windows Server 2016

Windows Server 2012 and Windows Server 2012 R2

Windows Server 2008 and Windows Server 2008 R2

SingCERT advised all users and companies with these affected systems to ensure that they are fully patched and that antivirus software is updated with the latest malware definitions, and to perform file backups and store them offline in case they need to restore their systems following an online attack.

Channel NewsAsia has reached out to the Cyber Security Agency to find out if any organisations here have been affected by this latest round of ransomware attacks.