The Communications Authority of Kenya (CA), through the National Kenya Computer Incident Response Team Coordination Centre (National KE-CIRT/CC), has received reports of a ransomware attack dubbed "Petya" and is advising the public and organizations to put in place several preventive measures.
The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom. Petya spreads rapidly through networks that use Microsoft Windows.
"The ransomware virus is similar to the WannaCry ransomware virus that massively attacked computers across the world in May this year. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee restoration of access," said Director General, Communications Authority of Kenya, Mr. Francis Wangusi in a statement.
The Authority is, therefore, advising the public and organizations to put in place the following preventive measures:
i. Ensure that you keep an up-to-date backup of your important computer files offline. This will ensure that in the event your computer is attacked, you can restore your files from the backup.
ii. Ensure that your computer's Operating System (OS) is updated. This applies especially to users running the Windows operating system on their computers, which is the main target of this particular cyber attack.
iii. Ensure that your anti-virus is up-to-date.
iv. Avoid clicking on links or opening attachments or emails from people or sources you don't know or companies you don't do business with.
v. Be alert when opening emails, especially if they contain links or attachments. You should also pay special attention to any email attachment that advises you to enable macros to view its content. Unless you trust the source, do not enable macros and instead delete the email immediately and permanently.
Petya first appeared this morning and has been spreading around the world, mainly infecting businesses and government agencies and departments in Ukraine and Russia. There are increasing reports of businesses in other countries also being compromised, with reports filtering in from the US, UK, Germany, Switzerland and Holland, among others.
Once a computer is infected, the virus encrypts it to a private key, rendering it unusable until the system is decrypted. The program then instructs the user to pay the $300 ransom to a static Bitcoin address, then email the Bitcoin wallet and personal ID to an email address, which is now blocked.
There is some confusion over the origins and nature of Petya, with some reports suggesting there are similarities to WannaCry and that it utilizes the EternalBlue SMBv1 worm functionality.
More work is needed to investigate the way the virus propagates; in the meantime businesses are urged to ensure their software is up-to-date and all files backed up.