The Attack Of The Petya Ransomware Is In Progress

June 29, 2017 / By

The Latest Virus “Petya”

 

Many organisations around the world are shaking in their boots today as a variant of “petya” ransomware swoops through the web.

As always Trend Micro are keeping a close eye on the whole situation, so any business that have been affected by the virus can gain some support from them.

So far, the virus has hit some well known firms. From the food company Mondelez to the legal firm DLA Piper, all sorts of brands have been crippled by the latest virus. Once a brand gets caught by the virus, their PCs and data will be Encrypted and held for ransom.

However, this isn’t the first Ransomware virus to strike this year. Earlier this year, Britain’s National Health Service was one of the first organisations to be hit by “WannaCry“. It was released to the public as part of a leaked stash of NSA-related documents released online in April. The hacker called themselves the Shadow Brokers.

More then 230,000 computers were affected by WannaCry all across the world in 150 countries to be specific.

If you haven’t realised, both WannaCry and “Petya” have something in common. Both spread though networks that are using Microsoft Windows. Nevertheless, there must be a way of stopping this virus from spreading. But how can we do it?

 

What Is Ransomware And How Does It Work?

 

Ransomware is a type of malware that travels through networks and blocks access to data, PCs and holds the business to ransom. The ransomware always infects the documents that are the most important to the brand. This is to trap companies into paying the ransom for data to be released, as they know that this data is crucial to the function of the company. If the company pay the ransom, then they’re told to get a digital key to unlock the files. Unfortunately, if a business hasn’t backed-up the files then they face losing the files or paying the ransom. With this in mind, we recommend backing up any important data so your not one of the unlucky ones.

 

How Is The “Petya” Ransomware Attacking?

 

Firstly, “Petya” will take over the computer and to release the computer, you’ll have to pay $300 in Bitcoins. But it’s not just one computer that gets infected. Once one computer is infected, the venomous software will rapidly spread across an organisation the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. Microsoft have released a patch which is will help in these situations but not everyone will have installed it.

According to Ryan Kalember, of cyber-security company Proofpoint “It has a better mechanism for spreading itself than WannaCry,”.

 

Where Did The Trouble Start And How Far Has It Spread?

 

According to the Ukrainian cyber police, the source of the trouble seems to root back to a software update mechanism that was built into an accounting program that companies working with the Ukrainian government need to use. This would explain why they’re so many Ukrainian organisations were affected. These include: government, banks, state power utilities and Kiev’s airport and metro system.

The “Petya” ransomware has travelled through Europe and through the US and hit some very major companies.  The advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft are among just some of the companies that have been effected.

The difference between WannaCry and “Petya” would be the way this virus spreads. “Petya” has tried to spread internally within networks and not externally. This is one of the main flaws of the virus as there has been a decrease in the rate of new infections overnight.

 

Who Is Behind This Attack?

 

So far it’s unknown who is behind the attack. However, it seems to be someone who wants the malware to masquerade as ransomware but in the making, are also being very destructive to businesses around the world.

Nicholas Weaver told cybersecurity blog Krebs on Security that “(Petya) is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware,’”

Ukraine pointed the finger at Russia when the virus first struck. This was due to the 2015 cyber-attacks on the power grid. This previous attack caused part of Western Ukraine to go out of power. Nevertheless, Russia have denied any involvement in this cyber attack. So where has it come from?

 

What To Do If The Virus Gets You

 

If the Virus gets into your computer then you’ll want to get rid off it quick. Once the ransomware infects a computer, it’ll wait an hour and then suddenly your machine will start to reboot. Once your computer starts to reboot, turn off your computer so you can try save your files from getting encrypted.

If you can’t turn off your computer and your system reboots with the ransom note coming up, do not pay the ransom! We understand that you probably think it’ll be easier if you pay it as you’ll just get your files back and go back to normal. However, the “customer service” email address has been shut down so the decryption key to unlock your files no longer exists. So you would be giving them money for nothing. What you should do is start by disconnecting your PC from the internet. You should the reformat the hard drive and reinstall your files from a backup. This is why we always tell customers to back up their files. We recommend backing up your files regularly and making sure your anti-virus software is up to date.

 

If you have any questions about what you have read then don’t hesitate to contact us. You can also contact us via Facebook and Twitter.