This ransomware attack comes just weeks after the National Health Service (NHS) in Britain was affected by WannaCry, which used a software vulnerability to take control of systems within the NHS. The group calling itself the Shadow Brokers was responsible for that attack. Spanish telephone company Telefónica and the German state railways were among the other organisations badly affected by it.
Like WannaCry, “Petya” spreads through networks running Microsoft Windows, but what you really want to know is why it is happening and how it can be stopped.
How does Ransomware work?
Ransomware is a type of malware that locks users out of a computer and its data.
When a computer is compromised, important documents and files are encrypted and a ransom (usually in Bitcoin) is then demanded from the user to regain access. If recent back-ups of the files are not available, the victim of the attack must either pay the ransom or face losing all of their files.
“Petya” works in the same fashion as other ransomware attacks. It takes over systems and demands $300 to be paid in Bitcoin. The software can spread either through the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools, meaning that if one method fails, the malicious software has another chance to compromise your system.
How can you protect against it?
Major antivirus companies claim that their software has been updated to both detect and protect against “Petya” attacks. Keeping Microsoft Windows up to date also helps protect against at least one of the avenues used by the malware.
Where did it start and who is behind it?
The attack appears to have originated through a software update mechanism built into an accounting program used by organisations that work with the Ukrainian government. Many Ukrainian businesses were affected, including banks, government bodies and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken down.
It is not entirely clear who is responsible, but the intent behind “Petya” was a deliberate and destructive attack.
In the past Ukraine has blamed Russia for cyber-attacks, including a major power grid attack which left western Ukraine temporarily without electricity. Russia has, however, denied responsibility for carrying out the cyber-attacks on Ukraine.
What should you do if you are affected?
The ransomware infects a computer and then waits for around an hour before rebooting the machine. If you can switch the computer off while it is still rebooting, you have a chance of rescuing the files on it.
If your system reboots and shows the ransom note, do not pay the ransom. The attackers’ email address has been shut down, so there is now no way to unlock your files. If you have backups of your files available, you can:
Disconnect your PC from the internet > Reformat the hard drive > Restore your backed-up files.
Always back up your files and keep your anti-virus software up to date.