
The Cadbury Factory In Hobart Has Been Hit By A Global Cyber Attack… And It’s Spreading

The chocolate factory was taken offline last night and chocolate production has been stopped.


There’s another massive ransomware attack sweeping the globe, and this time it’s hitting a little closer to home. The latest attack is taking on computer systems at the iconic Cadbury chocolate factory in Hobart, among other Australian businesses.

As heartwarming as it would be if our collective chocolate obsession got people to pay some long-overdue attention to cyber security, it looks like Cadbury is just one small part of the problem. The attack, christened Petya, is still spreading worldwide, affecting many businesses in Ukraine, some pretty large global corporations, and reportedly even the Chernobyl radiation monitoring system.

Oh yeah, and it’s looking like it could have been largely avoided (or at least mitigated) if a few more people had paid attention to that Windows Update button. Oops.

As with the early hours of all cyber attacks, everything is chaos, and misinformation abounds. Here’s what we can tell you about this one so far:

Ransom… What?

Ransomware is a kind of cyber attack which typically works by encrypting files so that they cannot be accessed, and then demanding payment to decrypt them again. Basically, it locks up everything on your computer and renders it a useless hunk of metal unless you pay the hackers — which you should never do, btw.

2017 so far has been a big year for this kind of attack. In May, ransomware known as WannaCry brought UK hospitals to a standstill and caused chaos across infected systems throughout Europe. Australia largely escaped the worst of this attack, though it’s still kicking around, and this week was reported to have infected Victoria’s speed cameras, causing thousands of speeding tickets to be suspended. This is possibly the only good thing to come out of the ransomware hell that is this year.

What We Know About Today’s Attack

The Petya attack seems to have started in Ukraine, and spread pretty rapidly through a piece of accounting software that’s widely used in the region. Here’s the kicker, though: the new attack has been confirmed to rely on EternalBlue, the same Windows vulnerability that was fixed last month after WannaCry.

Basically, while Petya isn’t the same as WannaCry, at this stage it’s looking like a lot of this drama could have been avoided if a few corporations had learnt from incredibly recent past errors and, uh, updated Windows.

 
But don’t take my word for it, here’s an expert take from my hacker friend Alex, who is paid to know more about this stuff than me. In his words: “Cadbury being absolutely slam-jammed by this ransomware tells us that they’ve been ignoring that Windows Update button pretty hard. Truly this is a purple chocolate company that likes to live dangerously from the comfort of its Windows XP utopia”.

Cadbury have yet to confirm whether this is the case. So far all we’ve heard from them is a statement from parent company Mondelez, which was full of extremely vague euphemisms about an “IT outage”. We imagine they have a fair bit on their hands right now.

A union representative confirmed to The Mercury that production at the factory stopped at 9:30pm last night and that it’s unclear when it will start back up again.


This is your daily reminder to avoid getting your tech advice from memes

The other interesting thing to note about today’s hack is that unlike typical ransomware attacks, its payment system is extremely bad. Security researcher Nicholas Weaver even referred to it as a “fecal theater”, which as far as we know is not a technical term.

Basically, the hackers behind Petya included only one email address for victims to send their ransom payments to, meaning now that this email address has been shut down, there’s no real way for the hackers to receive the money they’re demanding. It’s unclear whether this is actually a mistake on their part, or just an indication that whoever’s behind this cares more about wreaking mass havoc than getting paid.

The email address being shut down also means that there’s no way for the hackers to get in touch with victims to decrypt their files. While you should never pay ransoms to hackers in the first place, this is an especially good reason not to do it today.

Okay, I’ve Seen The Light And Care About Cyber Security, Now What?

As this is the second time a destructive cyber attack of this scale has happened in two months (!!), there are actually plenty of resources on what to do about it. The short version: keep your software updated, use an antivirus program, keep regular backups, don’t open suspicious links or attachments.

A great time to do this is right now. After all, if you procrastinate, you’ve seen what happens: no more delicious chocolate.