Petya Ransomware Attack: What Is It and How to Stay Safe?
Ransomware is a nightmare for computer users. The average computer user had not heard of ransomware until WannaCry took down many networks. As the sparks created by WannaCry settled down, another one raised its head, hitting government networks in Ukraine. Petya, as computer experts call the new threat, has already found its way to several countries.
Even though the new entrant didn’t seem to affect any individual computers, you should know how it affects your system, especially if you are a server admin.
All About Petya Ransomware Attack
Maybe ransomware is a whole new term to you. If so, the following section gives a brief overview of it.
What is Ransomware?
Ransomware, put simply, is a malicious program that encrypts all the important files on your computer. Once infected, it asks you for a ransom (money) in the form of bitcoin. The amount varies from ransomware to ransomware. The new one in the house, Petya, usually asks for a ransom of about $300 worth of bitcoin.
If you refuse to pay, the amount is doubled after a certain period, and eventually the files are deleted. Once the malware infects your system, the encrypted files get an unusual extension (it varies between ransomware families).
Most ransomware uses asymmetric encryption, so a brute-force attack would take years to stumble onto the right key. If you get the key, you can decrypt the files right away. But that isn't as easy as it may seem.
What is Petya?
Petya made its first entrance into the cyber world in 2016. Computer experts were able to contain the damage and stop it back then. But this time, it returned with full power to cause massive destruction.
In 2016, Petya spread widely as Dropbox attachments sent via email. As the person on the receiving end follows the steps to open the attachment, the ransomware writes itself into the Master Boot Record (MBR) of his/her computer. Once Petya has a foothold on the system, it forces a restart, and upon rebooting you see a fake (but close-to-genuine) CHKDSK screen with the warning 'One of your disks contains errors and needs to be repaired'. Next, the ransomware shows a danger sign (a skull and crossbones) drawn in ASCII characters on a white and red screen. Finally, what you see is a dreadful message reading 'You became a victim of Petya ransomware'.
Your computer then displays instructions for recovering the key to decrypt the files by paying about $370 worth of bitcoin.
The new one showed all the traits of the old Petya upon infecting servers or computers. The CHKDSK screen came up and it asked for the ransom. The Verge reported that of all the Petya-infected systems, 60% were in Ukraine itself.
Ukraine's central bank, state telecom, municipal metro, and Kiev's Boryspil Airport were compromised, and people tweeted that they were unable to buy fuel because of the chaos the ransomware caused in the servers. The attack even affected the Chernobyl nuclear power plant, which as a result switched to manual radiation monitoring. The Danish shipping company Maersk and a Pittsburgh-area hospital in the US also reported many systems down.
A New Twist
The initial examination pointed to Petya as the cause of the new attack. But then analysts found major differences between the code of the 2016 and 2017 versions of the ransomware. The latter was designed as a wiper, not exactly ransomware.
Reports accused Russia of the attack, with political vengeance as the motive. Clearly, the attackers didn't try to spread the attack worldwide; they targeted Ukraine as the focus. The major publications interpret this as a conscious effort, not a coincidence.
Later, after the attack went live, computer security experts stated that the new one is not Petya. Instead, it is programmed in such a way as to imitate Petya's behavior. The analysis is still being done by several security agencies, and they haven't come to a conclusion.
How can You Prevent the Attack?
If you are an individual computer owner, the best possible way to avoid any ransomware is to ignore attachments from strangers. If something seems fishy about an attachment that came from a familiar email address, reach out to the sender to ask about it.
Microsoft has notified users that System Center Endpoint Protection and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. They have also asked users to make sure that they have a definition version equal to or later than:
Threat definition version: 126.96.36.199
Version created on: 12:04:25 PM : Tuesday, June 27 2017
Last Update: 12:04:25 PM : Tuesday, June 27 2017
Following are the instructions sent by Microsoft by mail:
- Ensure you have the latest security updates installed
- Ensure you have the latest AV Signatures from your preferred AV vendor
- Do not open email/attachments from unknown/untrusted sources
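As an added example (not from Microsoft's mail or this article), a PowerShell check a Windows admin could run to verify the definition-version and update points above on a Defender or SCEP host. It assumes the Windows Defender PowerShell module (the Get-Mp* cmdlets) is available, which is the case on Windows 8.1 / Server 2012 R2 and later, and it uses the minimum definition version quoted above as a placeholder to be replaced with the value from Microsoft's current advisory.

```powershell
# Added example: check definition version, signature age, real-time protection,
# Petya-family detections and the most recent installed hotfix on this host.
# Assumes the Windows Defender / SCEP PowerShell module (Get-Mp* cmdlets) is present.
param(
    # Minimum definition version quoted in the article above; replace it with the
    # value from Microsoft's current advisory.
    [version]$MinimumDefinitionVersion = '126.96.36.199',
    [int]$MaxSignatureAgeHours = 24
)

$status   = Get-MpComputerStatus
$findings = @()

# 1. Definition (signature) version must be equal to or later than the minimum.
$installed = [version]$status.AntivirusSignatureVersion
if ($installed -lt $MinimumDefinitionVersion) {
    $findings += "Definition version $installed is older than required $MinimumDefinitionVersion"
}

# 2. Signatures must have been refreshed recently.
$age = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($age.TotalHours -gt $MaxSignatureAgeHours) {
    $findings += ("Signatures last updated {0:F1} hours ago" -f $age.TotalHours)
}

# 3. The engine must actually be running with real-time protection on.
if (-not $status.AMServiceEnabled)          { $findings += 'Antimalware service is disabled' }
if (-not $status.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }

# 4. Any detection of the Ransom:Win32/Petya family named in the article is an
#    incident, not a configuration problem, and should go to incident response.
$petya = Get-MpThreat | Where-Object { $_.ThreatName -like 'Ransom:Win32/Petya*' }
foreach ($t in $petya) {
    $findings += "Detected $($t.ThreatName) (threat id $($t.ThreatID))"
}

# 5. Date of the most recent installed update, for the 'latest security updates' check.
$lastHotfix = Get-HotFix | Where-Object InstalledOn |
              Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastHotfix) {
    Write-Host "Most recent hotfix: $($lastHotfix.HotFixID) installed $($lastHotfix.InstalledOn.ToShortDateString())"
}

if ($findings.Count -eq 0) {
    Write-Host 'OK: definitions current, protection enabled, no Petya-family detections'
    exit 0
}
$findings | ForEach-Object { Write-Warning $_ }
exit 1
```

Run it from an elevated PowerShell prompt; a non-zero exit code means at least one of the checks failed, so the script can be dropped into a scheduled task or a configuration-management run.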
Microsoft has stated that the free Microsoft Safety Scanner is designed to identify this threat as well as others. Keeping your antivirus up to date and your firewall active goes a long way. And I strongly recommend that you don't go for cracked software and applications. Bear in mind that even the free things on the web come with a cost (yeah, I mean it!).
Are you a server admin? Do you think it’s beyond your ability to keep ransomware at bay? Then, you can look at these server management plans for protection.
What if Your System Gets Infected?
What if you find your system infected? For individual computers, software like HitmanPro.Alert and Malwarebytes Anti-Malware might work. But servers are a different, more advanced matter, and you may not have the resources and skills to eliminate the ransomware. In that case, you can use an emergency server support service to get your network back to life.
That’s a Wrap
The Petya ransomware may fade into oblivion soon. But that isn't the end of cyber attacks. Day by day, attackers come up with new malware and techniques to take over your servers. So, you have to stay updated about them.
Not to mention, don't be afraid to take professional assistance to prevent any ransomware from getting into your computer or server. If you are infected, do not pay the ransom, ever. Chances are slim that they will give you access again. As long as they stay anonymous, you can do nothing about it.