Petwrap ransomware virus has no "kill switch" or "weaknesses": Australian expert

Source: Xinhua| 2017-06-28 16:22:51|Editor: ying
Video PlayerClose

SYDNEY, June 28 (Xinhua) -- All Australian companies are vulnerable if their computers aren't patched, a cyber security expert warned on Wednesday, as the race begins to protect against the latest global ransomware attack Petwrap.

Just weeks ago the world was gripped by a mysterious computer virus known as "WannaCry," which infected 300,000 computers in 150 countries and wreaked havoc some of the world's largest companies.

Australia woke up to a similar new attack Wednesday.

Some of the organizations were hit include Russia's largest oil company Rosneft, Ukraine's international airport and power grid, global shipping firm A.P. Moller-Maersk, the UK offices of the world's biggest advertising agency WPP, a number of Russian banks, the German postal service and India's Beiersdorf AG, the maker of Nivea skincare products.

So far in Australia, the Cadbury Chocolate factory and global law firm DLA Piper are the only business to have been affected, but this number is expected to rise according to National Surveillance and Intelligence Managing Director, Navid Sobbi.

"It exploits vulnerabilities in unpatched windows operating systems," Sobbi said.

"That allows it remote access into computers and once it does this, the Petwrap virus begins scheduling tasks to run in the background, it also uses a code that allows it to spread via the windows file sharing service S&B with the current user's credentials allowing it to copy itself."

"It does this by stealing the login information of the computer it infects and attempts to use this information to spread through the local network it's on," Sobbi said.

The virus blocks all access to the users files and displays a ransom message that demands 300 U.S. dollars worth of the cryptocurrency, Bitcoin, be paid.

But according to Sobbi, it appears even if the users pay, the virus still won't return the files.

Although similar to the WannaCry virus, Petwrap (NotPetya or GoldenEye) is actually just a new variant of the 2016 virus Patya, Sobbi said.

"It employs the same exploits as WannaCry, but so far there is no kill switch found in it and there has been no weaknesses, unlike WannaCry."

But even with protection and computer security precautions, there are still dangers if users are not careful.

"If computers are patched it does secure the computer from being infected, however it does depend on the user itself," Sobbie explained.

"The user will have to ensure they don't click on any suspicious links or download any files."

So far, it remains unclear where the virus originated from or who is responsible.

The Australian government said it is monitoring the unfolding situation closely.