Petya-Ransomware a threat to Zimbabwe


ZIMBABWEANS should be wary of the latest global cyber-attack dubbed Petya-Ransomware that left some major companies offline in Europe and Asia on Tuesday.

Zimbabwe Information Communication Technologies (ZICT) chairman Jacob Mutisi warned local computer users to be cautious when dealing with e-mails as a measure to safeguard their systems in the wake of Petya-Ransomware which, within hours, disrupted public and private systems on a large scale in Ukraine where it derailed government business, the Netherlands, France, Spain, Britain, the United States and India.

“The attack first shut down operations in Russia, including at Russia’s biggest oil company and Ukraine before spreading to computers in Romania, the Netherlands, Norway, France, Spain and Britain. Now it’s also understood some businesses in Australia including the Cadbury chocolate factory in Hobart are also affected,” said Engineer Mutisi in a statement released.

In a follow-up interview, Engineer Mutisi said that so far no locals, individuals or companies, had raised a flag, but urged users to be on the lookout, as people generally keep quiet despite falling victim to computer hacks.

“People should open attached documents that are obvious and something they are expecting. Some locals never reveal that they are attacked, why I don’t know,” said Engineer Mutisi.

At the time of writing, no reports had been raised from Africa. Engineer Mutisi said the cyber-attack spreads through e-mail and comes in the form of “an innocuous” or ordinary document which, once opened, freezes the user’s computer until ransom money is paid in virtual currency.

Meanwhile, MailOnline reported that business had been disrupted at major companies such as Rosneft, Merck and AP Moller-Maersk, and that banking and government systems in Ukraine had been derailed, describing the attack as similar to WannaCry, the cyber-attack which infected thousands of computers in about 150 countries last month. The publication also quoted the International Police Organisation (Interpol), the intergovernmental organisation which facilitates international police cooperation, as saying it was “closely monitoring” the hack and communicating with member countries.

Technical information:

Technically, ZICT says that the current attack is targeting Windows systems through client and network attacks.

Says ZICT: “The ransomware is spreading using a pseudo client-side and network service attack of a modified version of the WannaCry worm and loader. It is based on MS17-010 and CVE-2017-0199 using multiple attack vectors which may include spreading via unpatched MS17-010 systems as per other ransomware, spreading via malicious RTF documents in Office that can download and run malicious VBScript, and spreading to other hosts using inherited credentials as the user it is running as and connecting to other Windows machines using WMIC (Windows command-line control over WMI).”

Petya-Ransomware also disguises itself as a check-disk tool (CHKDSK), pretending to check for and fix system errors while in fact encrypting the victim’s drive and holding all of its data hostage.

ZICT therefore recommends information technology experts “to urgently patch for MS17-010 & CVE-2017-0199, update email scanning engines to detect malicious scripts in RTF documents and notify users to be careful of email attachments with RTF extensions and/or not to open suspicious looking attachments.”
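One way an e-mail gateway could act on the RTF part of that advice, as an added example that is not ZICT’s or the article’s own code: it flags attachments whose extension or content is RTF and, inside RTF, the OLE object control words (`\object`, `\objdata`, `\objautlink`, `\objupdate`) through which CVE-2017-0199 exploit documents load their payload. The control-word names come from the RTF specification; the verdict levels and the sample inputs are constructed for this example.

```python
# Screen one e-mail attachment for the RTF vector named in the advisory.
# Verdicts and samples are constructed for illustration, not from the article.

OLE_CONTROL_WORDS = (b"\\objdata", b"\\objautlink", b"\\objupdate",
                     b"\\objemb", b"\\objlink", b"\\object")

def is_rtf(data: bytes) -> bool:
    # A well-formed RTF file starts with "{\rtf1", but Word's parser is
    # lenient and accepts the truncated "{\rt", so match the shorter prefix.
    return data.lstrip().lower().startswith(b"{\\rt")

def screen_attachment(filename: str, data: bytes):
    """Return (verdict, reasons); verdict is allow, warn, quarantine or block."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    rtf = is_rtf(data)

    if ext == "rtf":
        reasons.append("rtf-extension")
    if rtf and ext != "rtf":
        # Word chooses the parser from the content, so a ".doc" that is really
        # RTF still opens as RTF; the extension mismatch is itself suspicious.
        reasons.append("rtf-content-with-.%s-extension" % ext if ext
                       else "rtf-content-without-extension")

    found = []
    if rtf:
        # Lower-casing the whole body keeps mixed-case control words from
        # slipping past a plain substring match.
        body = data.lower()
        found = [w.decode() for w in OLE_CONTROL_WORDS if w in body]
        if found:
            reasons.append("ole-object:" + ",".join(found))
        if b"\\objupdate" in body and (b"\\objautlink" in body
                                       or b"\\objlink" in body):
            # A linked object that asks to be refreshed when the document is
            # opened is the pattern CVE-2017-0199 exploit documents rely on.
            reasons.append("auto-updating-linked-object")

    if "auto-updating-linked-object" in reasons:
        return "block", reasons
    if found:
        return "quarantine", reasons
    if reasons:
        return "warn", reasons
    return "allow", reasons

if __name__ == "__main__":
    # Constructed samples: a plain RTF, and a ".doc" that is RTF with an
    # auto-updating linked object (no real payload, just the control words).
    print(screen_attachment("invoice.rtf", b"{\\rtf1\\ansi Hello world}"))
    print(screen_attachment("report.doc",
          b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata 01050000}}}"))
```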