Petya Ransomware: What You Need To Know and How To Protect Yourself From It!

Starting on June 27, 2017 reports of a new Ransomware infection, the Petya Ransomware, began spreading across Europe. Microsoft first saw the infections in Ukraine, where more than 12,500 machines encountered the threat. Petya then quickly spread to 64 other countries, including Belgium, Brazil, Germany, Russia, and the United States.

What is Petya and how does it work?

Petya is a ransomware, which is a type of malware that encrypts files and blocks access to those files unless a ransom is paid. Unfortunately, Petya has worm capabilities, which allows it to move laterally across infected networks. So once a computer on the Network is infected, that computer will spread it to the rest of the computers on the Network. If the victims do not have a recent backup of their files, then they must pay a ransom or be forced to lose all of their files.

According to NPR,

The Petya ransomware demands a $300 bitcoin payment to retrieve encrypted files and hard drives. As of Wednesday morning Eastern time, the account had received around $10,000. But in a move that has caused some controversy, German email company Posteo blocked the email address the Petya hackers were using to confirm ransom payments. While some cybersecurity experts have praised the approach, others note that users whose files are held hostage have now lost their sole point of contact.

Therefore, the victims of Petya only have a invalid email address to send the ransom to and are not able to pay to get their files back.

Where did it start and who has been affected?

Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc, a Ukrainian tax accounting software, updater process. Microsoft also states that  software supply chain attacks are a recent dangerous trend with attackers, and it requires advanced defense. As we stated above it has been spread in 64 countries.

According to The Guardian,

The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The food company Mondelez, legal firm DLA Piper, Danish shipping and transport firm AP Moller-Maersk and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh, also said their systems had been hit by the malware.

Crucially, unlike WannaCry, this version of ‘Petya’ tries to spread internally within networks, but not seed itself externally. That may have limited the ultimate spread of the malware, which seems to have seen a decrease in the rate of new infections overnight.

What do you need to do to protect yourself and your company?

Luckily, Microsoft and most other major antivirus companies have updated the software to detect and protect against Petya Ransomware.

Microsoft wrote,

To protect our customers, we released cloud-delivered protection updates and made updates to our signature definition packages shortly after. These updates were automatically delivered to all Microsoft free anti malware products, including Windows Defender Antivirus and Microsoft Security Essentials. You can download the latest version of these files manually at the Malware Protection Center.

Windows Defender Advanced Threat Protection (Windows Defender ATP) automatically detects behaviors used by this new ransomware variant without any updates.

Make sure to follow the instructions below to protect yourself and your data from this attack:

DESKTOP USERS:

1. Update Your System Operating System to Windows 7,8 or 10.
2. If your system is too old to support an upgrade, please backup your files and purchase a new system. Our staff can help you with that.
3. If you are using Windows 7-10, please update your Windows Defender Program
4. Install the latest Windows Updates for your Operating System.

SERVERS RUNNING ON WINDOWS SERVER 2003 & SERVER 2008:

1. Consider an immediate Upgrade to Server 2008R2 or newer if you want to continue to have a physical hardware solution on premise.
2. Consider moving to a Cloud Solution which will automatically run system back ups for you daily.
3. Verify and obtain a current backup of all your company data.

BUSINESSES RUNNING WINDOWS SERVER 2008R2  or NEWER:

1. If you have been on the fence about using a better router, this is the time to add that extra layer of protection
2. Best Practices with routers includes customized security and content filtering features.
3. Schedule a network security assessment with Orange County Computer and establish a corrective action plan to safeguard your network.

Remember that once a single computer in your organization is hit by the Petya ransomware, the virus looks for other vulnerable computers and infects them as well.

Contact the security experts at Orange County Computer for more information on how to safeguard your network and valuable information at 949-699-6619 or contact us here.

Information originally obtained from Microsoft, NPR,  and The Guardian.