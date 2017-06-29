According to a recent report released by Symantec revealing the list of top 20 countries based on their number of affected organisations by Petya ransomware, India is the seventh most affected nation after Ukraine, US, Russia, France, UK and Germany. It is also reported to be the worst hit in Asia.

After Wannacry Ransomware that was targeting individual users, Petya ransomware is affecting organisations and is spreading using network techniques. It just needs a single fault in the network. If the Microsoft Patch has not been applied to a single machine on the network, it can easily infect other computers on the network.

According to Symantec blog, MEDoc, a tax and accounting software package, is used for the initial insertion of Petya into corporate networks. MEDoc is widely used in Ukraine, indicating that organisations in that country were the primary target. However, organisations in India are also affected. It was reported that one of the terminals at the Jawaharlal Nehru Port Trust has been impacted by the latest malware attack.

Attackers are demanding a payment of $300 worth of Bitcoins and asking users to send notification of payments to a single email address. Once the notification was received, the hacker would send 60 character code to unlock the encrypted files.

However, the user account on which victims were supposed to send notifications has been blocked and there is no way consumers can send emails to the hacker. As a result, it is being assumed that Petya is not a Ransomware but a wiper that can damage and destroy files.

It is suggested post infecting the computer, Petya ransomware waits for about an hour before rebooting the system. According to Hacker Fantastic's Twitter post, "If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine." And as there is no way to receive the decryption key, one should format the hard disk and reinstall all the files from the latest backup.

