We have said before that ransomware is here to stay. According to sources, a new variant known as Petya (also known as Petwrap) is now in circulation. Just like WannaCry, it is causing chaos worldwide, shutting down businesses, power suppliers, and financial institutions in France, UK, India, Ukraine, and Europe. And yes, victims have to pay in bitcoins to get their files unlocked.
As with WannaCry, Windows SMBv1 has allowed Petya to spread fast, in fact faster than WannaCry. Petya is a nasty piece of ransomware and works very differently from other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one.
Interestingly, Petya differs from its predecessor in that it does not encrypt files on your system. Instead, the victim's system reboots and Petya paralyzes the master file table (MFT) and the master boot record (MBR). The user cannot access the system because the ransomware has seized the physical disk. Petya replaces the MFT and MBR with its own malicious code, which displays the ransom note. Unfortunately, the victim can't reboot the system. A security survey quoted a rough figure, citing that only a handful of anti-virus companies are able to detect Petya ransomware.
Russian oil giant Rosneft has already borne the brunt of Petya, followed by Ukrenergo, the Ukrainian state electricity supplier. “We were attacked. Two hours ago, we had to turn off all our computers. We are waiting for permission from Ukraine’s Security Service (SBU) to switch them back on,” Kyivenergo’s press service said.
How Does Petya Ransomware Manage to Infect Systems So Rapidly?
As said above, just like WannaCry, Petya takes advantage of the SMBv1 EternalBlue exploit on unpatched Windows machines that are still in use.
It is quite surprising that, even after knowing about the WannaCry issue for a decent amount of time, big corporations and companies have not yet implemented proper security measures to defend against such a threat.
In spite of all the hue and cry surrounding the Windows vulnerability that allowed WannaCry to spread, most corporations and companies have failed to learn from the past and remain vulnerable to such cyber attacks.
“Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network-based threat (MS17-010),” a security researcher using the Twitter handle Hacker Fantastic tweeted.
How to Secure Your System from Ransomware Attacks?
Quick action? Last but not least, get those patches and updates against EternalBlue (MS17-010) and let go of the 3-decade-old Windows SMBv1 file-sharing protocol.
a. Once again, be wary of unwanted or suspicious files and documents that you receive by email. Do not click on links unless you have verified the source.
b. Keep your precious data tightly secured; we also recommend that you back it up regularly to an external storage device.
c. Finally, use a best-in-industry anti-virus product with Advanced Threat Protection and containment technology.
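For the "let go of SMBv1" step above, one way to check whether a Windows host still has SMBv1 enabled and to turn it off. This is an added example, not part of the original article; the function names `Get-Smb1Status` and `Disable-Smb1` are hypothetical, and it assumes PowerShell 3.0 or later in an elevated prompt. Installing the MS17-010 update is still required separately.

```powershell
# Added example: audit SMBv1 on a Windows host and optionally turn it off.
# Run from an elevated PowerShell prompt. Function names are hypothetical.

function Get-Smb1Status {
    $status = [ordered]@{ Computer = $env:COMPUTERNAME }

    # SMB server side. The cmdlet ships with Windows 8 / Server 2012 and later.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $status.ServerSmb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: a missing SMB1 registry value means SMBv1 is on by default.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $reg = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
        $status.ServerSmb1Enabled = -not ($reg -and $reg.SMB1 -eq 0)
    }

    # Optional-feature state, where the OS exposes SMBv1 as a removable feature.
    try   { $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop }
    catch { $feat = $null }
    $status.FeatureState = if ($feat) { [string]$feat.State } else { 'NotAvailable' }

    [pscustomobject]$status
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Stop the SMB server from accepting SMBv1 sessions.
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ($PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
    }

    # Remove the SMBv1 feature itself where it is installed and enabled.
    try   { $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop }
    catch { $feat = $null }
    if ($feat -and $feat.State -eq 'Enabled') {
        if ($PSCmdlet.ShouldProcess('SMB1Protocol feature', 'Disable')) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        }
    }
}

Get-Smb1Status          # report the current state
Disable-Smb1 -WhatIf    # preview only; drop -WhatIf to apply, then reboot
```

Run the audit across the estate first: devices that only speak SMBv1 will lose access to shares once it is disabled.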