Written by Rob Young, Group Managing Director – 12th July 2017
What is Petya Malware?
This year, the UK has been subject to several malware attacks, such as the WannaCry virus that brought the NHS to a standstill in May. Petya is the newest strain to emerge. This destructive malware has crippled large businesses over the past few weeks, and it has been reported that the infection stemmed from a contaminated software update from MeDoc, a Ukrainian accountancy software firm.
Petya originally emerged in March 2016. Whilst the latest strain carries many similar properties, this new strain, which has since been renamed “NotPetya”, “Petna” and “GoldenEye”, is proving even more powerful.
How far has Petya spread so far?
Petya has already infected thousands of computers on an international scale, with reported attacks in France, Germany, the UK and America. However, the Ukraine has been hit the hardest, with banks, telecom operators and government organisations becoming the latest victims.
How does Petya work?
The new strain of Petya differs from many other prevalent ransomware families, such as Zepto, Locky and RAA, in the way it encrypts files. Although it is designed to present in a way similar to WannaCry ransomware, Petya is very different: it denies access to your entire system by encrypting files on the computer’s hard drive and also encrypting the MBR (master boot record) on hard disks, rendering the machines useless.
Petya also harvests usernames and passwords so the attackers could potentially gain access to infected systems even after they are restored.
How do you get Petya?
Petya exploits the EternalBlue weakness in Microsoft Windows (a software vulnerability linked to the WannaCry attacks) to gain possession of PCs and their data. Whilst many users have since installed the patch Microsoft released to resolve the security threat, some haven’t, and once Petya has gained control of the computer it quickly takes over.
If you are a victim of Petya, you’ll see the below image displayed on your screen: a flashing screen showing an ASCII (American Standard Code for Information Interchange) page.
Pressing any key on the computer will then display the page below, which demands a fee to be paid in Bitcoin to the cyber criminals behind the Petya ransomware.
How can you protect your business against Petya?
- Inform – make all employees aware of malware and phishing threats so they are educated to be extra vigilant when opening any emails, including attachments, PDFs or downloads.
- Update – ensure your business has the latest version of Microsoft Windows and has installed the latest patch (MS17-010). Ideally, we would recommend that all users have automatic updates turned on.
- Patch regularly – this will ensure all computers and servers are fully protected.
- Prepare for a disaster – with the growing volume of malware and cyber security threats, we strongly recommend you implement a daily cloud backup of your business servers as a minimum. By backing up your data, you are one step ahead should your business become a victim of Petya.
- Install – industry-standard malware protection, such as Sophos Intercept X, across the network to detect and protect against such attacks.
- Prepare – put a disaster recovery plan in place to follow in the event of an attack.
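
One way to carry out the Update check above on a single Windows machine, as an added example that is not part of the original article: it looks for the original MS17-010 packages and reports whether the SMBv1 server that EternalBlue targets is still enabled. The KB list, the function name `Get-Ms17010Status` and the assessment wording are assumptions of this example; run it in an elevated Windows PowerShell 3.0 or later session.

```powershell
# Added example (not from the original article): local check for MS17-010 exposure.
# Assumes an elevated Windows PowerShell 3.0+ session on the machine being checked.

# Original March-May 2017 MS17-010 packages. Later cumulative updates supersede
# these, so "not found" means "verify patch level", not "definitely vulnerable".
$Ms17010Kbs = @(
    'KB4012598',                            # XP, Vista, Server 2003/2008, Windows 8
    'KB4012212', 'KB4012215',               # Windows 7, Server 2008 R2
    'KB4012213', 'KB4012216',               # Windows 8.1, Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607, Server 2016
)

function Get-Ms17010Status {
    $hotfixes = @(Get-HotFix)
    $matched  = @($hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID })
    $latest   = $hotfixes | Where-Object { $_.InstalledOn } |
                Sort-Object InstalledOn -Descending | Select-Object -First 1

    # EternalBlue targets the SMBv1 server, so report whether it is still enabled.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: a registry value controls it; absent means enabled.
        $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $reg  = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
        $smb1 = (-not $reg) -or ($reg.SMB1 -ne 0)
    }

    if ($matched.Count -gt 0) { $assessment = 'MS17-010 package installed' }
    elseif ($smb1)            { $assessment = 'REVIEW: no MS17-010 KB found and SMBv1 enabled' }
    else                      { $assessment = 'REVIEW: no MS17-010 KB found; confirm a later cumulative update' }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        Ms17010Kbs     = ($matched | ForEach-Object { $_.HotFixID }) -join ', '
        LatestUpdate   = $latest.HotFixID
        LatestUpdateOn = $latest.InstalledOn
        Smb1Enabled    = $smb1
        Assessment     = $assessment
    }
}

Get-Ms17010Status | Format-List
```

A machine that reports REVIEW but shows a recent `LatestUpdateOn` date is usually covered by a newer cumulative update; one with an old date and SMBv1 enabled should be patched first.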