Saturday, July 6, 2024

What is Petya virus and how to protect your computer?

Sayyar Gul
Sayyar Gul is pursuing an MS in Computational Sciences & Engineering at the National University of Science and Technology. He is a technology enthusiast with a keen interest in new technological developments from around the world.

‘Petya’ Ransomware blocks access to a computer or its data and demands money to release it

A new ransomware dubbed “Petya” started spreading across the world, targeting businesses and governments that weren’t sufficiently protected.

The “Petya” ransomware has caused serious disruption at large firms in Europe, spreading through a software update mechanism. Many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system.

Some security researchers have noted that it’s not a variant of last year’s Petya ransomware, but rather one that just behaves like it. That’s why you might also see people calling it “NotPetya” or “Nyetya”.

At first, it was believed to be ransomware, because it essentially locks down an infected computer and a ransom note appears on-screen. Its name comes from the fact that it behaves similarly to ransomware from last year that went by the same name.

Large businesses, electricity suppliers and government agencies around the world are being affected by this strain of malware.

How does the “Petya” ransomware work?

Once a computer is infected, the malicious software spreads rapidly across the organization, using the EternalBlue vulnerability in Microsoft Windows or two Windows administrative tools. The malware tries one option and, if it doesn’t work, tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.

Who is behind Petya?

There’s no clarity yet on who is behind it, except an email address (“wowsmith123456@posteo.net”) that’s now defunct. But judging by the attackers’ initial target, it’s clear that they intended to affect government and business operations in Ukraine.

While some people made payments on Tuesday night, ransom payments aren’t advised any more as the email address being used for confirmation has been shut down by the email provider. That means even if you’re okay paying $300 for your data, it’s impossible for the attackers to send you a decryption key.

How to protect my computer?

Your first line of defense is to be sure you have the latest version of Windows. If you have automatic updates turned on, you’re safe: the update should already be installed on your computer.

If you don’t have auto update on, you can download the following security update:

  • Windows 8 x86
  • Windows 8 x64
  • Windows XP SP2 x64
  • Windows XP SP3 x86
  • Windows XP Embedded SP3 x86
  • Windows Server 2003 SP2 x64
  • Windows Server 2003 SP2 x86

Next, make sure that your antivirus software is up to date. Most antivirus companies already have patches out that block Petya and this new version of it.

For this particular malware outbreak, another line of defence has been discovered: “Petya” checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
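The marker-file check described above can be audited and put in place with a short PowerShell script. This is an added example, not code from the article or from any vendor; the `-Apply` switch and the `Get-MarkerState` helper are hypothetical names, and the use of an empty file is an assumption, since the article only says the malware looks for a read-only file at that path.

```powershell
# Added example: report on, and optionally create, the read-only marker file
# that the article says this outbreak checks for before encrypting.
[CmdletBinding()]
param(
    [string]$Path = 'C:\Windows\perfc.dat',  # path as given in the article
    [switch]$Apply                           # hypothetical switch: without it, report only
)

function Get-MarkerState {
    # Returns 'Missing', 'Writable' or 'ReadOnly' for the given file path.
    param([string]$MarkerPath)
    if (-not (Test-Path -LiteralPath $MarkerPath -PathType Leaf)) { return 'Missing' }
    $item = Get-Item -LiteralPath $MarkerPath -Force
    if ($item.IsReadOnly) { return 'ReadOnly' }
    return 'Writable'
}

$state = Get-MarkerState -MarkerPath $Path
Write-Output "Before: $Path is $state"

if ($Apply -and $state -ne 'ReadOnly') {
    if ($state -eq 'Missing') {
        # Assumption: an empty file is sufficient, because the article
        # describes a check for the file's presence, not its contents.
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
    }
    # A file that exists but is writable does not match the article's
    # description, so the read-only attribute is set in both cases.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
    $state = Get-MarkerState -MarkerPath $Path
    Write-Output "After:  $Path is $state"
}

if ($state -ne 'ReadOnly') {
    Write-Warning "Marker file is not in place. Re-run with -Apply from an elevated prompt."
}
```

Writing to C:\Windows requires an elevated prompt. A `ReadOnly` result only reflects the marker file; it says nothing about whether the machine is patched or already infected.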

Lastly, take sensible everyday precautions. Sykes recommends backing up your computer regularly and keeping a recent backup copy off-site. And don’t open attachments in emails unless you know who they’re from and you’re expecting them.
