Introduction

A new wave of ransomware attacks targeting organizations across the world has been reported June 27, 2017. Reports indicate around 2,000 attacked users so far.

The ransomware Petya was first reported in Ukraine, where its government, banks, state power utility and Kiev’s airport and metro system all particularly badly affected. The food giant Mondelez, legal firm DLA Piper and Danish shipping and transport giant AP Moller-Maersk also said their systems had been hit by the malware.

What is Petya Ransomware?

Petya (also called Petrwrap) is one of the thousands of variants of Ransomwares that have been around for years. What differs Petya from other variants is that Petya locks a computer’s hard drive as well as individual files stored on it, which makes it harder to recover back those information.

Petya has two components: The main malware attempts to encrypt the computer’s hard disk master file table (MFT). If it can’t detect the MFT, it turns operations over to its other component, a ransomware that Petya incorporates called Mischa, which encrypts all the files on the computer’s hard drive the way most ransomware does.

What to do if you got infected?

UNPLUG YOUR COMPUTER FROM NETWORK AND TURN IT OFF

Computers affected by the attack showed a message stating, “Your files are no longer accessible because they have been encrypted,” and demanding a $300 ransom in the Bitcoin digital currency.

If you faced a message similar to the screen below Power Off immediately your PC and contact EXEO Support Team.

Guidelines to stay safe

  • Be careful to click on harmful attachments (MS Office, Wordpad, or Windows executables) and links in your emails. Even if you have received this email from a friend or colleague, drop him/her a call to make sure the attachment or link is safe. Infected machines send infected messages masqueraded as legitimate but with harmful attachments and links
  • Stay away from unsafe and unreliable sites and social media applications.
  • Never click on a link that you do not trust on a web page or access to Facebook or messaging applications such as WhatsApp and other applications using your browser on your Work PC.
  • Be aware of cracked software(s) as they contain trojans and malicious codes.
  • Keep your files backed up regularly and periodically, and make sure this backup is always offline.
  • Be aware of fraudulent email messages that use names similar to popular services such as “PayePal” instead of PayPal or use popular service names without commas or excessive characters.
  • Use Anti-Virus and Always make sure to have the latest update.
  • Make sure your Windows have the latest security updates. Microsoft has released a critical rated security update MS-17-010 to resolve vulnerabilities for all supported releases of Microsoft Windows.
  • Don’t stay logged in with a privileged user such as an administrator. Always use an ordinary user, with limited privileges, to access your computers.
  • Limit access to network shares.

General Info

What is ransomware?

Malicious software that locks a device, such as a computer, tablet or smartphone and then demands a ransom to unlock it.

Where did ransomware originate?

The first documented case appeared in 2005 in the United States but quickly spread around the world. Ransomware attacks reached 3.8 million in the second quarter of 2015, and 638 million in 2016 and researchers are expecting 1 Billion+ in 2017.

How does it affect a computer?

The software is normally contained within an attachment to an email that masquerades as something legitimate. Once opened it encrypts the hard drive, making it impossible to access or retrieve anything stored on it – such as documents, photos, etc…
The malware also spreads over the network to encrypt any accessible shared file.

How much are victims expected to pay?

The ransom demanded varies, in some cases, victims were charged $600.
Victims are advised to never pay the ransom as it encourages the attackers.
However, even if victims do pay there is also no guarantee that they’ll get their data back.

Employee awareness is key to halting Ransomware attacks, so please spread the message.

Check our last month security awareness about Wannacry ransomware attack that affected more than 230,000 computers in over 150 countries, with the UK’s national health service, Spanish phone giant Telefónica and German state railways among those hardest hit.

To always stay up-to-date with the latest news and get tips & tricks that will help you boost your efficiency at work, you can subscribe to our Blog (On the right sidebar or In the Footer).