What you should know about Petya Ransomware
Many companies around the world, especially in Europe and the US, have been hit by a ransomware attack known as ‘Petya’. The malicious software has spread through large organizations, locking data and PCs and holding them for ransom.
In early May, organizations were infected by WannaCry, a ransomware that was released by hackers. WannaCry and Petya are similar; both spread rapidly through networks that use Microsoft Windows. But Petya took a different approach from WannaCry and other crypto-ransomware: instead of encrypting files individually, it targeted the file system itself. This write-up explains what ‘Petya’ is, why it is happening, and how to stop it.
What is ransomware?
Ransomware is a type of malware that prevents access to a computer system or its files and demands money to release it.
How does the negotiation work?
When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for the digital key needed to unlock them. Victims who do not have a recent backup of their files must either pay the ransom or face losing all of them.
How does the ‘Petya’ ransomware work?
A financial demand is made after the ransomware takes over a person’s computer. It gains entry using the EternalBlue vulnerability in Microsoft Windows and spreads rapidly across an organization from a single infected computer. Microsoft had released a patch, and those who failed to install it suffered at the hands of the malware.
Is there any protection?
Many antivirus companies now claim that their software has been updated to actively detect and block ‘Petya’ infections. To be on the safe side, we recommend that you keep your systems fully patched against the EternalBlue vulnerability, that you use a trusted antivirus product, and that you set up network segmentation, which can help limit spread within the network.
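As an added example, not taken from the original article, of what "spread within the network" looks like to a defender: the script below reads constructed flow-log lines and flags any host that contacts many distinct peers on TCP/445 inside a short window, the fan-out pattern an SMB worm such as Petya leaves behind. The log format, host addresses, window and threshold are all assumptions.

```python
"""Flag hosts that fan out over SMB (TCP/445) to many distinct peers in a
short window, the lateral-movement pattern of an EternalBlue-style worm."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow-log lines (assumed format):
#   "<ISO timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = (
    # one host sweeping 12 neighbours on 445 within a few seconds
    [f"2017-06-27T10:00:{i:02d} 10.0.1.15 10.0.1.{20 + i} 445 allow"
     for i in range(12)]
    # benign traffic: a workstation talking to one file server, and HTTPS
    + ["2017-06-27T10:00:05 10.0.1.50 10.0.1.5 445 allow",
       "2017-06-27T10:00:09 10.0.1.50 10.0.1.5 445 allow",
       "2017-06-27T10:00:10 10.0.1.50 10.0.1.5 445 allow",
       "2017-06-27T10:00:11 10.0.1.15 10.0.1.5 443 allow"]
)


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport, action)."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def detect_smb_fanout(lines, window=timedelta(seconds=60), threshold=10):
    """Return {src: peak distinct 445 peers} for every source that reached
    at least `threshold` distinct hosts on TCP/445 within any `window`."""
    per_src = defaultdict(list)          # src -> [(timestamp, dst), ...]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, _ = parse_line(line)
        if dport == 445:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()                    # chronological, so windows are contiguous
        for i, (t0, _) in enumerate(events):
            # distinct destinations reached within `window` of this event;
            # a set means repeated connections to one server count once
            peers = {d for t, d in events[i:] if t - t0 <= window}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts


if __name__ == "__main__":
    for host, count in detect_smb_fanout(SAMPLE_LOG).items():
        print(f"ALERT: {host} reached {count} distinct hosts on TCP/445")
```

The sliding window starts at every event, so a burst that begins late in the log is still caught, while a host that repeatedly talks to a single file server never trips the threshold.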
Where did it start?
According to the Ukrainian Cyber Police, the attack appears to have started through the software update mechanism built into an accounting program that organizations working with the Ukrainian government are required to use. This explains why so many Ukrainian organizations were affected, including government bodies, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels in the former nuclear plant’s exclusion zone.