Ransomware Variants: “Petya” – Kidnapping You from Far

The latest ransomware outbreak “Petya” is attacking companies across the globe today. Quite a number of companies in Europe and Asia are reporting affected.

From the initial analysis, same as last time ransomware outbreak “WannaCry”, this ransom uses multiple techniques to spread, including one which was addressed by a Windows vulnerability MS17-010 via SMBv1.

Impact

Data will be unrecoverable due to encrypted by ransomware.

Until now, there is NO effective method to decrypt all the kidnapped files.

Actions Preventing Petya Attack

To save your computer from harms, please remember:

Ensure PC has up-to-date Windows updates, especially MS17-010.
Disable SMBv1 – https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
Ensure up-to-date anti-virus signatures from your anti-virus software such as Kaspersky or Windows Defender updated.
Backup your files regularly and keep them in a separate and safe place.
Do not open email/attachments from unknown/untrusted source.
Ensure you have a “strong” system password.

Note: these are good security defense-in-depth recommendations for prevention of being infected, but these steps alone do not guarantee against infection.

As a Victim:

Since Petya will start data encryption after system reboot, if you found the Windows hang suddenly and reboot (like the screen below), you should:

Turn off the computer IMMEDIATELY once the Windows Logo appears. Otherwise, the encryption process will be started.
Contact your LAN administrator for assistance immediately.
DO NOT respond to any kidnapper by attempting payment and instead to report the incident to ITSC and the Police.

Note : Once the encryption process is completed, the data will be unrecoverable.

Reference:

HKCERT Security Bulletin:
Petwrap / NotPetya Ransomware Encrypts Victim Data
US-CERT:
Multiple Petya Ransomware Infections Reported
Microsoft Security Bulletin MS17-010 – Critical:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Large-Scale Ransomware Attack In Progress, Hits Europe Hard:
http://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
Recent News:
http://www.bbc.com/news/technology-40416611
https://unwire.hk/2017/06/28/petya/top-news/#!prettyPhoto
Other Ransomware Variants

Please visit here for more Information Security tips.

Created on: 28 Jun 2017

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.