Many organizations have been crippled by a ransomware attack called Petya. This malicious software is spreading across the internet all over the world at lightning speed.
The “WannaCry” ransomware, also known as “WannaCrypt”, affected 230000+ computers in 100+ countries. The Spanish telecom company “Telefonica” and the German state railways were among those hardest hit. Like “WannaCry”, “Petya” spreads rapidly through networks that use Microsoft Windows. So we should know what “Petya” is, why it is happening and how it can be stopped.
What is ransomware?
Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.
How does ransomware work?
When a computer is infected, the ransomware encrypts all important documents and files. It then demands a ransom, typically in Bitcoin. The payment is for a digital key, which is the only way to unlock the files. Victims who don’t have a recent backup of the files must either pay the ransom or face losing all of their documents and other important files.
How does the Petya ransomware work?
The ransomware takes over computers and demands roughly $300, paid in Bitcoin. Once one computer is infected, it spreads rapidly across the organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through different Windows administrative tools. Petya tries one option and, if it doesn’t work, tries the next one. Ryan Kalember of the cybersecurity company Proofpoint said, “It has a better mechanism for spreading itself than WannaCry.”
Is any protection available against Petya?
- Most major antivirus companies claim that their antivirus software has been updated to actively detect and protect against “Petya” infections.
- In addition, keeping Windows up to date defends against the EternalBlue vulnerability and will also protect against future attacks with different payloads.
- Another line of defense has been discovered for this Petya malware outbreak. “Petya” checks for a read-only file, “C:\Windows\perfc.dat”, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent the infection, and the malware will still use its foothold on your computer to try to spread to others on the same network.
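The read-only marker file from the last point can be audited or put in place with a short script. The following is an added example, not code from the original post; the function name, its parameters and the state names are assumptions of this example, and the marker only affects the encryption step, so patching is still required.

```powershell
# Added example: audit or place the read-only marker file described above.
# Function name, parameters and state names are assumptions of this example.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Windows directory; the post gives the path as C:\Windows\perfc.dat
        [string]$WindowsDir = $env:windir,
        # Report the current state only, change nothing
        [switch]$AuditOnly
    )

    $path = Join-Path -Path $WindowsDir -ChildPath 'perfc.dat'
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

    if ($item -and $item.PSIsContainer) {
        # A directory with this name is not the read-only file the post describes
        $state = 'NameTakenByDirectory'
    }
    elseif ($item -and $item.IsReadOnly) {
        $state = 'PresentReadOnly'
    }
    elseif ($AuditOnly) {
        $state = if ($item) { 'PresentButWritable' } else { 'Missing' }
    }
    elseif ($item) {
        # File exists but is writable: only the attribute needs changing
        $item.IsReadOnly = $true
        $state = 'MadeReadOnly'
    }
    else {
        # Writing into the Windows directory needs an elevated session
        $item = New-Item -ItemType File -Path $path -ErrorAction Stop
        $item.IsReadOnly = $true
        $state = 'Created'
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $path
        State    = $state
    }
}

# Report without changing anything; drop -AuditOnly to create the marker
Set-PerfcMarker -AuditOnly
```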
Why is this ransomware called Petya?
The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya. But in the time after the outbreak started, security researchers noticed that the resemblance is only skin deep. On top of that, other researchers who independently spotted the malware gave it other names; Romania’s Bitdefender called it Goldeneye, for instance.
What should you do if you are affected by the ransomware?
First, the Petya ransomware infects the computer. It then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch off the computer to prevent the files from being encrypted and try to rescue all of the documents and files from the computer. This is a vital step if you are infected with this ransomware.