After the upheaval caused by last month’s WannaCry ransomware attack, there is global chaos over yet another cyber attack: the Petya ransomware attack.
What is the Petya Ransomware Attack?
It is the “NotPetya” cyberattack.
It is a variant of the Petya attack. The original Petya was designed with the sole purpose of making money; NotPetya is designed to spread fast and cause extensive damage.
Although there is significant code sharing, the real Petya was a criminal enterprise for making money – The Grugq
Petya uses EternalBlue, a leaked NSA exploit that WannaCry also used to infect machines in over 150 countries. It spreads through a weakness in Windows SMB.
How has it spread?
This malicious software has spread through large firms, including the advertiser WPP, the food company Mondelez, the Danish shipping and transport firm Maersk, and the law firm DLA Piper.
Why is it your fault?
If you had not patched your systems even after the WannaCry global disarray, this was bound to happen. Microsoft has already released the Windows update for the EternalBlue exploit, and it should have been applied by now.
If you don’t know how to get the security patches, get it done here.
But it might not be just your fault
There are indications that Petya is deadlier than an ordinary ransomware attack and has other tricks for spreading. Besides the EternalBlue vulnerability, Petya uses two Windows administrative tools.
For instance, according to former NSA analyst and cybersecurity entrepreneur David Kennedy, this ransomware finds passwords on the infected computer in order to move to other systems. It does this by extracting passwords from memory or from the local filesystem.
If one method doesn’t work, it tries the next. It definitely has a better spreading mechanism than WannaCry.
According to the Russian security firm Group-IB, Petya uses a tool called “LSADump” that gathers passwords and credential data from Windows computers and domain controllers on the network.
(Source: Group-IB, @GroupIB_GIB on Twitter, June 27, 2017)
How to Protect Yourself from Petya Ransomware Attack?
When Petya ransomware infects a Windows PC, it encrypts all the user data and the computer displays a note demanding $300 in Bitcoin (a digital currency) to regain access.
However, don’t pay the ransom. It won’t help you retrieve your data or files, for two reasons:
- The attackers were using an email address to confirm payments, but that account has been taken down by the German email service provider.
- There is no confirmation that the attackers can actually decrypt the data; so far there is no evidence of them decrypting anyone’s files.
You Might Be Safe If You See…
Petya encrypts on boot. If the screen shows a “CHKDSK” message, your files are not yet encrypted. Power off immediately and recover your data with a live CD.
How to Protect Yourself from Petya Attack
- You can stop the spread through Windows Management Instrumentation by blocking the file C:\Windows\perfc.dat from running.
- Use Microsoft’s Local Administrator Password Solution (LAPS) to protect credentials that grant network privileges.
- Disable SMBv1.
- Block outside access to ports 137, 138, 139, and 445.
- Limit access to domain admins.
- Patch Your Systems
Just like WannaCry, Petya targets a vulnerability in older versions of Windows. The best way to protect yourself is to update Microsoft Windows. Microsoft released a patch to protect against the vulnerability even on Windows XP, and has since released more patches given the high risk of cyber attacks.
How to do it?
Enable automatic Windows updates on your computer.
For older versions, go to the Microsoft website and download the patches. If you don’t know how or don’t have the expertise, get assistance.
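The hardening items above (the perfc.dat block, disabling SMBv1, and blocking ports 137, 138, 139 and 445 from outside) can be applied in one administrative PowerShell script. The script below is an added example written for this page, not code from the article or from any vendor. It assumes Windows 8.1 / Server 2012 R2 or later (the SmbServerConfiguration and NetFirewallRule cmdlets do not exist on Windows 7) and an elevated session. One assumption goes beyond the article: the “vaccine” step relies on the widely reported observation that the malware exits when it finds a read-only C:\Windows\perfc file, which you should confirm against your security vendor’s advisory before relying on it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): host-side mitigations for NotPetya.
$ErrorActionPreference = 'Stop'

# 1. "Vaccine": create read-only perfc files in %SystemRoot%.
#    Assumption (not stated in the article): the dropper checks for this
#    file and exits when it already exists. Read-only stops it being overwritten.
foreach ($name in 'perfc', 'perfc.dat', 'perfc.dll') {
    $path = Join-Path $env:SystemRoot $name
    if (-not (Test-Path $path)) {
        New-Item -Path $path -ItemType File | Out-Null
    }
    Set-ItemProperty -Path $path -Name IsReadOnly -Value $true
    Write-Host "Vaccine file present and read-only: $path"
}

# 2. Disable the SMBv1 server protocol, which EternalBlue targets.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled (a reboot may be required)'
} else {
    Write-Host 'SMBv1 server protocol already disabled'
}

# 3. Block inbound NetBIOS/SMB (137/138 UDP, 139/445 TCP) from outside the
#    local subnet. Internal SMB keeps working; Internet-sourced traffic is dropped.
$ruleName = 'Block-NetBIOS-SMB-From-Internet'
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Block `
        -Protocol TCP -LocalPort 139,445 -RemoteAddress Internet | Out-Null
    New-NetFirewallRule -DisplayName "$ruleName-UDP" -Direction Inbound -Action Block `
        -Protocol UDP -LocalPort 137,138 -RemoteAddress Internet | Out-Null
    Write-Host 'Inbound NetBIOS/SMB from the Internet blocked'
} else {
    Write-Host 'Firewall rule already present'
}

# 4. Show the most recent updates so you can confirm the EternalBlue patch is installed.
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 HotFixID, InstalledOn
```

Run it from an elevated PowerShell prompt; step 3 is a host-level backstop and does not replace blocking those ports at the network perimeter, which is where the article’s advice applies.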
- Get Backups
It is 2017, and if you don’t back up your files, you are surely going to suffer from more attacks.
Copy your files to another location, such as the cloud or an external hard drive. You can back up your data more than once a month, and it won’t cost you a penny!
- Protection Programs
Get protection programs that not only counter attacks but also notify you about the potential threats your computer might be facing. These include firewalls, anti-virus programs, and other protective software.
- Be Cautious While on a Public Network
Using a public network means you are visible to everyone else using that network. You can change the security settings on your system while using public Wi-Fi.
Use a VPN that hides your computer from others on that network. It won’t fight malware, but you won’t be a target on that network any more.
Have a server security scan run to detect any vulnerabilities or malware injected into your server.