Petya Ransomware: What should you know about it?
Monday, 4th July, 2016
Many organizations in Europe and the US have been crippled by a ransomware attack known as “Petya”. The malicious software has spread through large firms, leaving PCs and data locked up and held for ransom. “Petya” spreads rapidly through networks that use Microsoft Windows, but what is it, why is it happening and how can it be stopped?
What is ransomware?
Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.
How does it work?
When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.
How does the Petya ransomware work?
The ransomware takes over computers and demands $300, paid in Bitcoin. Once one computer is infected, the malicious software spreads rapidly across the organization, either by using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and, if it doesn’t work, tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.
Is there any protection?
Most major antivirus companies now claim that their software has been updated to actively detect and protect against “Petya” infections. Additionally, keeping Windows up to date – at the very least by installing March’s critical patch defending against the EternalBlue vulnerability – stops one major avenue of infection, and will also protect against future attacks with different payloads.
For this particular malware outbreak, another line of defence has been discovered: “Petya” checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
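The check described above can be scripted so that the marker file is audited on every machine rather than assumed. The following PowerShell is an added example, not part of the original article; the function name `Set-PerfcMarker` and its `-Fix` switch are hypothetical, and writing under C:\Windows assumes an elevated session.

```powershell
# Added example: audit, and optionally create, the read-only marker file
# that the article says stops this outbreak's encryption routine.
# Function and parameter names are hypothetical.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Path = 'C:\Windows\perfc.dat',   # path given in the article
        [switch]$Fix                               # without -Fix the function only reports
    )

    # Only a regular file counts; a directory with the same name does not.
    $exists   = Test-Path -LiteralPath $Path -PathType Leaf
    $readOnly = $exists -and (Get-Item -LiteralPath $Path -Force).IsReadOnly

    if ($Fix -and -not $exists) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
            $exists = $true
        }
    }
    if ($Fix -and $exists -and -not $readOnly) {
        if ($PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
            $readOnly = $true
        }
    }

    # Emit one object per machine so results can be collected and filtered.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Exists   = $exists
        ReadOnly = $readOnly
        # The marker only suppresses encryption; infection and spreading still occur.
        Note     = 'Marker does not prevent infection or spread; patching is still required'
    }
}

Set-PerfcMarker            # report only
# Set-PerfcMarker -Fix     # create the file and mark it read-only
```

Running it with `-Fix -WhatIf` shows what would be changed without touching the disk.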
What can I do to stay protected?
The best line of defense is to avoid opening any suspicious attachments that you receive from others and to make sure your antivirus software is up to date. By doing so, you can keep the probability of having your PC infected to a minimum.