
Petya Ransomware: Here is what you need to know!

It has been reported that a new variant of the Petya ransomware has been spreading across the internet. The ransomware has affected more than 3,00,000 systems in the past 72 hours.

How does this ransomware work?

The ransomware does not encrypt files on a targeted system one by one. Instead, it reboots victims' computers, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and locations on the physical disk. Petya replaces the computer's MBR with its own malicious code, which displays the ransom note and leaves the computer unable to boot.

How does this ransomware spread?

Like WannaCry, this ransomware uses the EternalBlue exploit against SMBv1, taking advantage of unpatched Windows machines. In addition to EternalBlue, it also spreads within internal networks using WMIC and PsExec, so patched systems can also be hit.

After installation, it asks users to pay $300 worth of bitcoin. To determine who exactly has paid, the hacker also instructs people to email their bitcoin wallet ID and their "personal installation key" so that the hacker can release the specific key needed to unlock that individual victim's files. However, the email provider Posteo has shut down the email address that victims were supposed to use to confirm bitcoin transactions and receive decryption keys.

How to protect yourself from this dangerous ransomware?

– Install the WannaCry Windows patch, MS17-010.
– Disable the SMBv1 file sharing protocol.
– Disable WMIC (Windows Management Instrumentation Command-line).

  •   Be careful of any unwanted links and attachments sent over email.
  •   Ensure that antivirus/malware detection tools are updated and conducting regular scans, as most of the major antivirus software detects this infection.
  •   Ensure that you have proper backups of all your important files.
  •   Operate with a least-privilege access model for employees. Restrict who has administrative access.
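
One way to carry out the "Disable SMBv1" step above on a single Windows host, as an added example that is not part of the original article. It reports whether the SMBv1 server, client driver and optional feature are active, and turns them off only when asked. The function name `Get-Smb1State` and the `-Disable` switch are this sketch's own, and it assumes an elevated PowerShell session.

```powershell
# Added example (not from the original article): audit SMBv1 on this host.
# Run elevated. Get-Smb1State and -Disable are names chosen for this sketch.
param([switch]$Disable)

$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Get-Smb1State {
    # Server side. Windows 8 / Server 2012 and later expose a cmdlet; older
    # systems use the LanmanServer "SMB1" value (missing or non-zero = enabled).
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $server = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $p = Get-ItemProperty "$svc\LanmanServer\Parameters" -ErrorAction SilentlyContinue
        $server = -not ($p -and $p.SMB1 -eq 0)
    }

    # Client side: the mrxsmb10 driver. Start = 4 means disabled.
    $drv = Get-ItemProperty "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    $client = [bool]($drv -and $drv.Start -ne 4)

    # Optional feature; the cmdlet or the feature may be absent on older builds.
    $feat = $null
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Smb1Server  = $server
        Smb1Client  = $client
        Smb1Feature = if ($feat) { "$($feat.State)" } else { 'n/a' }
    }
}

$state = Get-Smb1State
$state

if ($Disable -and ($state.Smb1Server -or $state.Smb1Feature -eq 'Enabled')) {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty "$svc\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force
    }
    if ($state.Smb1Feature -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
    Get-Smb1State   # re-check; a reboot completes the change
}
```

Run it without `-Disable` first to see what still depends on SMBv1. This covers only the SMBv1 step, so the patch and the WMIC/PsExec spread path described above still need separate attention.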