Petya ransomware attack: JNPT, other Indian firms affected

Impact on more Indian companies is still being observed

The nation’s largest container port, Jawaharlal Nehru Port (JNPT), near Mumbai was hit, along with local manufacturing units of global companies, by ransomware Petya, the government confirmed on Wednesday.

At least one terminal operated by APM Maersk at the busy JNPT was under attack since Tuesday night, affecting cargo movement. Other firms that reported similar attacks were advertising giant WPP, chocolate maker Mondelez, Beiersdorf, and consumer goods major RB. 

The recent wave of cyberattacks, first reported in Ukraine on Tuesday, uses tools similar to WannaCry, a ransomware that had hit systems across the world a few weeks earlier. Top information technology (IT) security firms have warned that Petya was particularly potent, using a number of techniques to spread across a network after infecting the first system.

Union IT Minister Ravi Shankar Prasad has maintained the government was on high alert to deal with the developing situation and there was no large-scale impact yet. The Goods and Services Tax Network, the IT backbone for the biggest tax reform, set for a July 1 roll-out, said its systems were safe.

On Wednesday, National Cyber Security Coordinator Gulshan Rai rushed to JNPT to deal with the attack there. The shipping ministry said in a statement that along with local authorities, it was trying to ensure minimum disruption in services. Engineering Export Promotion Council (EEPC) of India said this would hurt exports. “Our shipments got delayed at JNPT. With over a dozen countries affected, the impact would be serious. There would be clogging of cargo.  The cyber attack has come at a time when Indian exports were on a revival path,” said T S Bhasin, chairman, EEPC.

The impact of the ransomware on operations of local units of some global companies was more evident.

Work at WPP’s media arm GroupM came to a halt, with IT teams assessing the damage. Sources said the agency did not issue release orders on Wednesday. WPP said, “IT systems in several [group] companies have been affected… We are assessing the situation, taking appropriate measures.”

Chocolate maker Mondelez, too, found its IT systems under attack.

A spokesperson for Mondelez International said, “We continue to work quickly to address… the IT outage across Mondelez International and to contain any further exposure. Our teams are working offline in an effort to maintain business continuity.”

Systems at Beiersdorf and RB were also reportedly under attack. They did not issue any statement or answer queries.

Cyber security experts said companies that did not use hi-tech systems were more vulnerable.

“These companies have a lot of legacy Microsoft software, usually ignores as they are used for simpler jobs such as data entry,” said Rakesh Kumar Singh, data centre lead, Juniper Networks India.

Experts said the ransomware was released as email attachments. These would use old Windows software to spread across computers and servers. Microsoft had issued patches to upgrade software. The virus encrypts the hard disk of a computer and demand ransom, to be paid through cryptocurrency bitcoin. The US National Security Agency (NSA) was the first to identify the virus, leaked in the dark web. 

“Petya ransomware started propagating yesterday (Tuesday). Like WannaCry, Petya uses the EternalBlue exploit (a program used to track vulnerability in computer systems, believed to have been developed by the NSA) to propagate itself. It starts in time zones in the east and spreads across the world as people wake up and log into their systems,” Tarun Kaura, director, product management, at Symantec, a digital security company.