An Egyptian cabinet thinktank issued a warning late on Tuesday about a global ransomware attack called Petya that has hit a number of multinational companies and organizations in the past few days, the second such attack in the past two months.

Petya utilizes the same vulnerability in Microsoft Windows as the WannaCry ransomware, which attacked computers in May, blocking users from accessing their files until a ransom of $300 is paid, the cabinet’s Information and Decision Support Center (IDSC) said in a statement on its Facebook page.

IDSC advised both insitutions and individuals using PC systems to make sure they are installing the latest Windows update designed to correct this vulnerability.

The IDSC also advised against downloading folders from unknown sources, and suggested conducting offline backups of data.

“The upcoming wars will be economic, social, political and information-related and a large part of them will be via the internet, and therefore caution has become necessary, along with awareness and prevention, for all public institutions and society,” the statement concluded.

The statement added that the hacking tools used in the attack were leaked by a group called Shadow Brokers, which stole them from the United States’ National Security Agency (NSA).

On Tuesday, NSA whistleblower Edward Snowden said that the Petya ransomware attack was made possible by a vulnerability in Windows software that the NSA had been secretly making use of for years as part of its spying operations.

"If you're a journalist writing about this, remember this worm spreads based on a vulnerability NSA kept unfixed for years," Snowden said via Twitter.

On Wednesday, the Associated Press reported that the Danish shipping giant A.P. Moller-Maersk was hit by the malicious software but has since "contained the issue".

AP added that the malicious software appears to have been sown in Ukraine, where it badly hobbled much of the government and private sector on the eve of a holiday celebrating a post-Soviet constitution.

Hospitals, government offices and major multinationals were among the casualties of the ransomware payload. The ransomware affected companies in Australia and India.

Meanwhile, in the United States, it affected companies such as the drugmaker Merck and food conglomerate Mondelez International.

https://english.ahram.org.eg/News/271683.aspx