Security Alert: Petya Ransomware Spreading Like Wannacry

June 27th, 2017


The WannaCry ransomware is not dead yet. And now there is another large-scale ransomware attack, known as Petya, that is infecting Windows computer systems worldwide. Petya ransomware is causing computer system outages at corporations, utilities, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe.

According to multiple sources, a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours last month.

Petya is a particularly damaging type of ransomware and works very differently from other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one. Instead, Petya reboots victims' computers, encrypts the hard drive's master file table (MFT), and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya ransomware replaces the computer's MBR with its own malicious code, which displays the ransom note demanding $300 in Bitcoin and leaves computers unable to boot.

Apart from this, many victims have also reported that Petya ransomware has infected their patched systems.

"Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit," confirms Mikko Hypponen, Chief Research Officer at F-Secure.
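Because the spread described above also runs over WMIC and PsExec, patch status alone does not show whether a machine was reached, and event logs are the place to look. The following is an added example, not part of the original alert: it scans exported Windows event records for a PsExec service install and for a WMIC remote process creation. The record format, host names and sample lines are constructed for illustration.

```python
import re

# Constructed sample records (not from the original alert), in a simplified
# "host|event_id|message" layout such as a log export might produce.
SAMPLE_EVENTS = """\
WS-014|7045|A service was installed in the system. Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe
WS-009|4688|New Process Name: C:\\Windows\\System32\\wbem\\WMIC.exe Process Command Line: wmic /node:"10.0.0.23" process call create "cmd.exe /c example.bat"
WS-020|4688|New Process Name: C:\\Windows\\System32\\wbem\\WMIC.exe Process Command Line: wmic os get caption
WS-031|7045|A service was installed in the system. Service Name: Print Spooler Helper Service File Name: C:\\Program Files\\Vendor\\helper.exe
"""

# Event 7045 (System log): a new service was installed. PsExec installs a
# service named PSEXESVC on the machine it runs commands on; this rule
# matches that default name only.
# Event 4688 (Security log): process creation. Assumption: command-line
# auditing is enabled, otherwise the command line is not recorded.
RULES = [
    ("7045", "psexec-service-install",
     re.compile(r"Service Name:\s*PSEXESVC\b", re.I)),
    ("4688", "wmic-remote-process-create",
     re.compile(r"\bwmic(\.exe)?\b.*/node:\S+.*\bprocess\s+call\s+create\b", re.I)),
]

def find_lateral_movement(export_text):
    """Return (host, rule label) for every record that matches a rule."""
    hits = []
    for line in export_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        host, event_id, message = (p.strip() for p in parts)
        for rule_id, label, pattern in RULES:
            if event_id == rule_id and pattern.search(message):
                hits.append((host, label))
    return hits

def hosts_to_triage(hits):
    """Group rule labels by host so each machine is listed once."""
    grouped = {}
    for host, label in hits:
        grouped.setdefault(host, set()).add(label)
    return grouped

if __name__ == "__main__":
    found = hosts_to_triage(find_lateral_movement(SAMPLE_EVENTS))
    for host, labels in sorted(found.items()):
        print(host, sorted(labels))
```

Legitimate administration also uses both tools, so a hit is a prompt to check who ran the command and from where, not proof of infection.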

How You Can Protect Yourself and Your Organization

Since these attacks are focused on older Windows operating systems, the most prudent thing to do is to retire all Windows 2003 servers and Windows XP PCs. And of course, keep all of your Windows PCs and servers up to date with the latest Microsoft patches.

Make sure all of your computers have antivirus software, that the software is configured properly, and that all virus signatures are updated regularly.

Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.

Avoid opening attachments in emails from senders you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.

Want to know how to protect yourself against ransomware in general? See this guide from Sophos.

Need to have a better understanding of phishing email attacks?  See this article from Sophos.