What Is “Petya” Ransomware?
On June 27, 2017, the Petya ransomware began spreading around the world. This cyberattack appeared to be an updated version of the Petya malware, which spread to unpatched computers using the same Server Message Block (SMB) vulnerability that WannaCry did, and used a credential-stealing mechanism to spread to non-vulnerable PCs.
Security experts found Petya in March 2016, noting that, while the virus caused fewer infections than other currently active strains, it was nevertheless distinctive in its operation. Later that year, a new Petya variant appeared, this time with an additional capability to be employed if the virus was unable to get administrator access to a machine.
In June 2017, a new strain of Petya emerged that was more powerful than the original. This variant has been named NotPetya by some security professionals because of its different capabilities.
How Does the “Petya Ransomware” Work?
The ransomware typically spreads through infected email attachments or by exploiting vulnerabilities in Windows operating systems. To protect yourself, learn the ways ransomware can be prevented, and always use caution when opening unexpected attachments or clicking on links in emails. If you have been affected by the “Petya” ransomware attack, please consult your computer manufacturer for instructions on how to remove the infection.
What Is the Significance of the Name “Petya”?
“Pete” in Russian is Petya. Some experts believe that this new ransomware infection is just meant to look like Petya. For instance, the real Petya has a sophisticated ransom-collection and file-decryption process. Although there is a superficial resemblance, this new bug does not have the same functionality.
What Makes Petya and NotPetya Different?
The Petya virus has been around for a while; however, a new variation was released in June 2017. Some have dubbed this strain NotPetya due to modifications in the malware’s behavior. Petya and NotPetya have separate encryption keys, as well as different reboot styles, displays, and notes. Both, though, are equally damaging.
Is There Any Protection from Petya Ransomware?
Petya is a ransomware infection that is difficult to eradicate once it has attacked a computer system. In the majority of situations, the victim must choose between paying the ransom (in the hopes of receiving the encryption key) or erasing everything and restoring it from backup. The best course of action is to avoid ransomware at all costs.
Here are some tips before, during, and after an attack:
Before the Attack
Before a ransomware attack happens, it is important to have a plan in place and make sure you are prepared. This means being aware of the latest security threats and having up-to-date antivirus software installed.
- Back Up and Restore
Regular data backups, along with restoration drills, are essential to ransomware security. Knowing in advance whether your backup plan is effective is the only way to be sure you’re fully protected.
- Update and Patch
Keep your devices’ operating systems and security software updated, and apply fixes as needed.
- Train and Educate Users
Your employees need to be properly trained and aware of the dangers of ransomware in order to avoid becoming victims. If they receive a ransomware demand, they should immediately report it to the security team and never try to pay on their own.
- Invest in Robust People-Centric Security Solutions
Even the best user training won’t stop all ransomware. Advanced email security solutions protect against malicious attachments, documents, and URLs in emails that lead to ransomware.
During the Attack
- Contain the Damage and Get Back to the Business
If you’re newly infected with ransomware, the best strategy is to avoid paying the ransom. However, this advice means nothing if you don’t have backups of your data.
You have to resolve short-term issues, such as getting computers and phones back online and dealing with ransom demands.
- Turn Off Your Computer: Press the Power Button, Then Disconnect from the Network
Petya waits about an hour after infecting a system before rebooting and displaying a message that the system is being “repaired.” If the machine is turned off immediately, some files may be saved, experts say.
If employees see ransomware demands or notice something is odd, they should disconnect from the network and take the infected machine to IT for diagnosis.
Only the IT security team should attempt a reboot, and even then it may not work in the event it is fake scareware or run-of-the-mill malware.
- Call Law Enforcement
Ransomware is a crime: theft and extortion are in play. Notifying the proper authorities is a necessary first step.
- Determine the Scope of the Problem Based on Threat Intelligence
Your response, including whether to pay the ransom, hinges on several factors: the type of attack, who in your network is compromised, and what network permissions any compromised accounts have.
- Orchestrate a Response
Paying the ransom is a big decision that may require consultation with law enforcement and legal counsel. In some cases, it may be unavoidable to pay the ransom.
Most free tools only work for a single strain of ransomware or even a single attack campaign. As attackers update their ransomware, the free tools fall out of date and likely won’t work for your ransomware.
The only way to completely recover from a ransomware infection is to restore everything from backup. However, even with recent backups, paying the ransom might make more financial and operational sense.
After the Attack
- Review and Reinforce
We recommend a comprehensive security assessment to identify any potential threats that may still linger in your environment. Take a hard look at your security tools and procedures—and where they could be improved.
Ransomware can contain other threats or backdoor Trojans that can lead to future attacks. In some cases, the victim’s environment was already compromised, opening a door for ransomware.
Look closer for hidden threats that you may have overlooked in the chaos.
- Post-Mortem Review
Review your threat preparedness, the chain of events that led to infection, and your response. In order to prevent future attacks from happening, you need to understand how the ransomware attack got through.
- Assess User Awareness
A well-informed employee is your last line of defense. Make sure employees, staff, or faculty are up to the task.
- Education and Training
Develop a curriculum to help employees protect themselves from cyber-attacks. Create a crisis communications plan in the event of an attack, and follow up with drills and penetration testing.
- Reinforce Your Defenses
Today’s rapidly changing threat landscape requires security solutions that can analyze, identify, and block, in real time, the malicious URLs and attachments that serve as ransomware’s primary attack vehicles.
Look for security solutions that can quickly adapt to new threats, so you can stay ahead of them.