While WannaCry ransomware is still active and forced Honda to shut down a factory earlier this week, another ransomware, Petya, is causing havoc around the world. Petya is spreading rapidly and crippling government organizations, banks, and many large firms. Victims include British advertiser WPP, US snack company Mondelez, Russian oil giant Rosneft and Danish shipping company Maersk.
(Image source: New York Times)
Patched PCs are still unsafe! Petya is more destructive than WannaCry.
Petya ransomware locks up computers and demands a $300 ransom in Bitcoin. To spread itself, it exploits the same EternalBlue vulnerability that WannaCry uses, attacking unpatched Windows machines.
The EternalBlue vulnerability is part of the leaked NSA hacking tools, made public by the hacking group Shadow Brokers in April. Microsoft has released a security patch for all versions of Windows, but many people have not yet installed it, leaving their PCs at risk.
What’s worse, since Petya also spreads in internal networks through two Windows administration tools, WMIC and PSEXEC, patched systems are not immune to the infection.
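Because this internal spread does not depend on a missing patch, it has to be caught in logs instead. The following Python detection logic is an added example, not part of the original article. It assumes a simplified "EventID|host|detail" event format, and its host names, addresses and rule names are constructed for illustration. PSEXESVC is the default service name PsExec installs on a target.

```python
import re
from collections import defaultdict

# Constructed, simplified events in "EventID|host|detail" form (not real logs).
# 4688 = process creation (command line is logged only if that audit policy is on),
# 7045 = new service installed.
SAMPLE_EVENTS = [
    r'4688|WS-014|C:\Windows\System32\wbem\WMIC.exe /node:10.0.0.23 process call create "cmd.exe /c hostname"',
    r'4688|WS-014|C:\Windows\System32\wbem\WMIC.exe /node:10.0.0.24 process call create "cmd.exe /c hostname"',
    r'7045|SRV-02|Service Name: PSEXESVC; Image Path: %SystemRoot%\PSEXESVC.exe',
    r'4688|WS-014|C:\Windows\System32\wbem\WMIC.exe os get caption',
    r'4688|WS-031|C:\Tools\PsExec.exe \\10.0.0.40 -s cmd.exe',
    r'4688|WS-007|C:\Windows\System32\notepad.exe report.txt',
]

# Rules match default tool and service names only; treat them as a baseline.
WMIC_REMOTE = re.compile(
    r'wmic(?:\.exe)?"?\s.*?/node:\s*"?([^\s"]+).*process\s+call\s+create', re.I)
PSEXEC_CLIENT = re.compile(r'psexec(?:64)?(?:\.exe)?"?\s+.*?\\\\([^\s\\]+)', re.I)
PSEXEC_SERVICE = re.compile(r'service name:\s*psexesvc', re.I)

def classify(event):
    """Return (rule, host, target) for a remote-execution event, else None."""
    event_id, host, detail = event.split("|", 2)
    if event_id == "4688":
        m = WMIC_REMOTE.search(detail)
        if m:
            return ("wmic-remote-exec", host, m.group(1))
        m = PSEXEC_CLIENT.search(detail)
        if m:
            return ("psexec-client", host, m.group(1))
    elif event_id == "7045" and PSEXEC_SERVICE.search(detail):
        return ("psexec-service", host, host)  # seen on the receiving machine
    return None

def fan_out(events, threshold=2):
    """Source hosts that ran remote commands against >= threshold distinct targets."""
    targets = defaultdict(set)
    for event in events:
        hit = classify(event)
        if hit and hit[0] != "psexec-service":
            targets[hit[1]].add(hit[2])
    return {h: sorted(t) for h, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(classify(event))
    print("fan-out:", fan_out(SAMPLE_EVENTS))
```

A single workstation issuing remote commands to several machines in a short window is the pattern to alert on; ordinary local WMIC queries and unrelated processes are ignored.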
Don’t pay! You won’t get your decryption key.
Unlike traditional ransomware which encrypts files one by one, Petya locks the hard drive. It also replaces the computer’s master boot record (MBR) with its ransomware code to show the ransom note.
After infecting a targeted machine, Petya waits for about an hour before starting the encryption. When the encryption starts, the ransomware reboots the infected PC and displays a fake Windows system message saying it is “repairing file system”. In fact, this “system repairing” period is used to encrypt your system. Upon seeing this message, you can switch off the computer immediately to stop the encryption process and rescue your files.
(Image source: @hackerfantastic on Twitter)
In any case, don’t pay the ransom! The e-mail address used to communicate with the cybercriminals was suspended right after the service provider found out what it was being used for. Therefore, even if you pay the ransom, there’s no way to inform the hackers, let alone receive the decryption key.
Precautions you can take to protect against Petya ransomware
To stay safe, make sure your Windows operating system is up to date. Install the security update to fix the EternalBlue and other vulnerabilities. You can install the patch either through Windows Update or the Patch Up feature built into 360 Total Security antivirus.
Also, download 360 NSA Cyber Weapons Defense Tool to protect yourself from WannaCry, Petya, and subsequent cyber attacks seeded through NSA hacking tools. This tool can check if any NSA exploits exist in your system and apply the security update to fix them.