Ransomware Variants: “Petya” – Kidnapping You from Far

Ransomware Variants: “Petya” – Kidnapping You from Far

The latest ransomware outbreak “Petya” is attacking companies across the globe today. Quite a number of companies in Europe and Asia are reporting affected.

From the initial analysis, same as last time ransomware outbreak “WannaCry”, this ransom uses multiple techniques to spread, including one which was addressed by a Windows vulnerability MS17-010 via SMBv1.

Impact

  1. Data will be unrecoverable due to encrypted by ransomware.

Until now, there is NO effective method to decrypt all the kidnapped files.

Actions Preventing Petya Attack

To save your computer from harms, please remember:

  1. Ensure PC has up-to-date Windows updates, especially MS17-010.
  2. Disable SMBv1 – https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
  3. Ensure up-to-date anti-virus signatures from your anti-virus software such as Kaspersky or Windows Defender updated.
  4. Backup your files regularly and keep them in a separate and safe place.
  5. Do not open email/attachments from unknown/untrusted source.
  6. Ensure you have a “strong” system password.

Note: these are good security defense-in-depth recommendations for prevention of being infected, but these steps alone do not guarantee against infection.

As a Victim:

Since Petya will start data encryption after system reboot, if you found the Windows hang suddenly and reboot (like the screen below), you should:

  1. Turn off the computer IMMEDIATELY once the Windows Logo appears. Otherwise, the encryption process will be started.
  2. Contact your LAN administrator for assistance immediately.
  3. DO NOT respond to any kidnapper by attempting payment and instead to report the incident to ITSC and the Police.

Note : Once the encryption process is completed, the data will be unrecoverable.

Reference:

Please visit here for more Information Security tips.

 

Created on: 28 Jun 2017