Shortly after the global “WannaCry” ransomware attack, many organizations in Europe and the US have been hit by another ransomware known as “Petya”. This malware has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk.
The previous “WannaCry” attack affected more than 230K computers in over 150 countries. Like “WannaCry”, “Petya” also spreads rapidly through networks that use Microsoft Windows.
Read our previous article to protect your PC from “WannaCry” Ransomware
Exactly what is Ransomware?
It is a type of malware that encrypts your computer’s setup files and its primary memory drives and demands money (typically in Bitcoin) to decrypt them. If the victim doesn’t have a backup, they must either pay the ransom or lose all the files.
All about “Petya” Ransomware?
This malware spreads across computers and demands $300, to be paid in Bitcoin. Once one computer is infected, it spreads rapidly across an organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. Some experts say this malware uses a better mechanism than the previous “WannaCry” because it tries the first option and, if that doesn’t work, it tries the next one.
What happens if infected by Petya?
– Encrypts files with a password (not recoverable) – this includes word processing documents, spreadsheets, photos and other important files.
– Locks the computer screen – shows a full-screen image or notification, which prevents victims from using their system and also provides instructions on how users can pay the ransom.
How can I protect my PC from Petya?
- Avoid phishing scams: No reputable company or tech support department will ask you to provide your username, password, social security number or other sensitive information in an e-mail.
Never click on Web links within unsolicited e-mail.
- Don’t open attachments: Unless you are 100% sure who the e-mail came from and what the attachment contains, do not open or execute an e-mail file attachment.
- Do not browse suspicious websites: There are a lot of websites that will prompt you to download an undefined attachment.
- Back up important data (in case you have stored any data on your laptop): Always save your important data on a server or hard drive. We recommend using a cloud backup or online storage provider, such as Dropbox, Google Drive and Microsoft OneDrive.
- Do not install unapproved software: Downloading software from the Internet is a primary source of viruses, spyware and Trojans.
Necessary Antivirus and Windows Update?
Most antivirus companies and Microsoft claim that their software has been updated to actively detect and protect against “Petya”, as follows:
- Symantec products using definitions version 20170627.009 are ready to prevent the attack.
- Kaspersky also says its security software is now capable of spotting the malware.
- Keep your Windows up to date – Most importantly, March’s critical update addresses the EternalBlue vulnerability, which is a major avenue of infection, and it will also protect against future attacks with different payloads.
- Whatever antivirus you are using, update it regularly; it is better to use an internet version of it.
More Particular Prevention
“Petya” always looks for a read-only file, “C:\Windows\perfc.dat”, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection: the malware will still remain on your PC and will try to spread to other PCs on the same network.
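As an added example (not from the original article or from any vendor), the PowerShell below reports whether that read-only marker file is present and can create it. The function names and the -WindowsDir parameter are hypothetical, and writing to C:\Windows requires an elevated prompt.

```powershell
# Added example: audit or place the read-only perfc.dat marker described above.
# Function and parameter names are hypothetical, chosen for this illustration.

function Get-PerfcMarkerState {
    param([string]$WindowsDir = $env:windir)
    $path = Join-Path $WindowsDir 'perfc.dat'
    if (-not (Test-Path -LiteralPath $path)) { return 'Missing' }
    $item = Get-Item -LiteralPath $path -Force
    if ($item.PSIsContainer) { return 'NotAFile' }   # a folder with that name is not the marker
    if ($item.IsReadOnly)    { return 'ReadOnly' }   # the state the article describes
    return 'Writable'                                # file exists but is not read-only
}

function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$WindowsDir = $env:windir)
    $path = Join-Path $WindowsDir 'perfc.dat'

    switch (Get-PerfcMarkerState -WindowsDir $WindowsDir) {
        'NotAFile' { throw "$path exists but is a directory; resolve manually." }
        'Missing'  {
            # Create an empty file only when nothing is there; never overwrite.
            if ($PSCmdlet.ShouldProcess($path, 'Create empty marker file')) {
                New-Item -ItemType File -Path $path | Out-Null
            }
        }
    }

    # Covers both the freshly created file and an existing writable one.
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        if ($PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
            Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
        }
    }

    # Return the resulting state so it can be logged per machine.
    Get-PerfcMarkerState -WindowsDir $WindowsDir
}

# Report the current state, then preview the change without touching the disk.
Get-PerfcMarkerState
Set-PerfcMarker -WhatIf
```

A result of 'ReadOnly' only means the encryption step is skipped on that machine; patching and the other precautions above are still needed because the malware can still spread.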
If you have any suggestions or new prevention tips, comment below.