Petya Ransomware Marks Targets Globally: Everything You Gotta Know About It and Ways to Protect Your System
Looks like the WannaCry ransomware attack was just the beginning of ransomware dominance, a new ransomware has debuted worldwide and is spreading like wildfire. It has affected computers in Ukraine before reportedly attacking computers in Spain, Germany, Israel, the UK, Netherlands and the US. This new ransomware is dubbed Petya and is also known by various other names such as Petrwrap and Notpetya.
Until now, it has affected government organizations, shipping firms, a petroleum giant and the Chernobyl nuclear reactor. In a tweet, Kaspersky Lab's global research director Costin Raiu said that his firm is witnessing the largest number of Petya attacks in Ukraine, the Russian Federation, and Poland.
Meanwhile, many other security researchers are claiming that Petya is spreading in multiple locations similar to WannaCry. This one spreads when the computer is locked. It demands a $300 Bitcoin fee to free the system. However, the email client Posteo, which hosts the Bitcoin payments account for the ransomware, has shut down the address listed in the Petya ransomware, which means that it can no longer receive money. Before it was shut down, the Bitcoin wallet had received a sum of £5,800 from victims.
What is Petya Ransomware?
Petya has been there since 2016, but the latest one affecting systems is the updated version of the same ransomware. It means that the new version has updated codes that help it to spread quickly. Researchers have said that there are differences between Petya and the new Petya, which is why it is being dubbed NotPetya. Also, researchers from Kaspersky say that it is intended to have "plausibly deniable cover of ransomware".
For now, the reports are being analyzed, but the total impact of the attack is still unknown. In the coming days, detailed inspection would reveal the impact and other information about Petya.
Despite the incomplete information about the new ransomware, reports about its attack are coming in. UK marketing firm WPP tweeted that it has been hit "by a suspected cyberattack". Responding to the many reports about Petya, the UK's National Crime Agency said it is observing the situation and working with other firms across the world to control it. This time around, the NHS seems to be untouched by the ransomware attack, unlike WannaCry that gripped the organization.
How does Petya ransomware spread?
Similar to other malware, this one also locks down the computer and encrypts files. It shows this message on the affected systems - "If you see this text, then your files are no longer accessible because they have been encrypted". Just like WannaCry, Petya also demands the ransom in Bitcoins, but their Bitcoin account is currently inactive. Security experts believe that Petya exploits the same vulnerabilities in Microsoft as WannaCry. Symantec states that it has been confirmed that it is exploiting the EternalBlue vulnerability, allegedly developed by the National Security Agency (NSA) along with EternalRomance exploit.
How to protect the computer against Petya?
Well, this advice applies to preventing all malware from infecting the computer. Firstly, make sure your system is updated with the latest security patches from the manufacturer. Also, check if all the apps on your system are updated to their most recent version. The EternalBlue vulnerability takes advantage of out-of-date software, which means that an updated system could limit the attack.
Secondly, it's better to have third-party protection in the form of anti-virus programs. They offer an extra layer of security. It's advisable to run regular system scans with these programs.
Lastly, given the increase in ransomware attacks, it is advisable not to download email attachments from unknown senders. In fact, it should always be the practice to stay away from any cyber scam or attack.