Second ransomware at global level in less than two months!

What is it and how to protect your data?

From private corporations to government organisations, numerous industries have been a prey to Petya this morning. Petya, generally, is the term for a ransomware program which targets Microsoft Windows based systems by infecting the MBR and demands virtual money to release the files uninfected. The cyber attack this morning is quite similar to functioning of Petya virus and is thus named after it.

This malicious program is reported to kick-off by pretending as a software update in an accounting program, associated with Ukrainian government. This rules out the reason that most of the affected parties were Ukrainian organisations:

      Government Offices

The next hit on its list have been US and Europe and some of the targeted firms are WPP, Saint-Gobain, Evraz, Rosneft etc.

Just like any other-ransomware, Petya takes over a computer by encrypting the files and data stored in it and demands $300 for the decryption key. Till then all of the user’s data is left as it is.

The catch here is, it pretends to be a ransomware attack but looks more of a deliberate attempt for complete digital destruction. Reason being, unlike professional attackers who assign exclusive bitcoin address for each user, the Petya tends to use same address for all transactions and was communicating with affected parties via a single email address.

The email address under operation has been shut by the service provider to avoid misuse of their platform. So basically, even if you successfully pay the ransom in desired form, there’s no way the attackers can revert to you for the decryption key.

With Petya intrusion, the virus doesn’t hinder your data immediately on access, rather waits for an hour before rebooting. While still in the reboot stage, it encrypts all of the data and makes your device unusable.

Though not foolproof, a way of protecting your data is to switch off the computer during the automated-reboot process which in turn avoids default-encryption of your files.

Though the exploit used for Petya is quite similar to that of WannaCry, the reason for computers being infected with Petya is still not specific. And it’s definitely not via emails as in case of WannaCry. The exploit used here is termed EternalBlue and was leaked by the hacker group- Shadow Brokers. For companies with security patch installed to protect against WannaCry, it becomes a little tedious for Petya to break in but not impossible. Petya moulds its own ways to intrude, depending upon surrounding environment.

Petya is thus estimated to be deadlier than WannaCry and spreads with a self initiating mechanism.