What is Petya?
Petya is a variant of malicious code that is being described as a “ransomworm.” Similar to WannaCry, once it infects a computer, it encrypts all the data on that computer and requires a payment of 300 bitcoin to recover everything. If this ransom is not paid, those computers can potentially lose everything while also infecting other areas of the network.
The thing that makes Petya different, and a true ransomworm, is that it automatically searches for passwords and, once it gains administrator access to a network, can install itself on and encrypt every computer and server connected to it. Another significant difference is that WannaCry was primarily successful on out-of-date Windows operating systems, while Petya can crawl through current operating systems much more easily. In fact, the cyber criminals responsible for Petya took advantage of vulnerabilities that were exposed during the WannaCry cyber-attack, as mentioned on the Fortinet blog.
Who Was Affected?
Companies in 65 countries have already been attacked, with over 12,000 computers infected. Maersk and WPP are two well-known targets, being the world’s biggest shipping company and one of the biggest advertising companies.
After WannaCry took its toll across the globe and cyber security experts determined how it gained access, not all companies actually enacted the protective measures that were recommended. Petya is a more advanced version of WannaCry, so if your organization has not implemented those security measures, it may be more vulnerable to this new wave of “ransomworm” attacks.
What Can We Do to Protect Ourselves?
Even though it seems like these ransomware attacks won’t stop, there are many protective measures you and your organization should be taking. Your IT Department should be storing a backup of critical files offline, in case data is damaged or completely destroyed. They should be patching continually and making sure the most up-to-date operating systems are in use.
Security operations should be using the most up-to-date sandboxing techniques on attachments, along with current virus detection software. When reviewing your firewalls, look for evidence of Command & Control activity, because this is a signature Petya leaves when it is trying to infect a system. Also ensure that Remote Desktop Protocol is turned off or requires authentication so that any potential Petya attack is confined to a smaller space, thus causing less damage.
As far as each individual user goes, keep employees currently aware of suspicious emails, and don’t open any unfamiliar attachments, especially those from questionable sources. If your computer is encrypted by Petya and you see the demand for ransom to recover your files, do not pay it. Tell your IT Department and all other necessary personnel immediately so they can work to get ahead of it and limit the destruction. Solid backup and disaster recovery plans can help to limit the aftermath of any attack as well.
Following these steps can help you stay ahead of this most recent threat to your cyber security. For more information, read about the top 5 security threats and top 5 smart moves of dealing with cyber threats in this infographic, “Effectively Managing Cyber Security for the Enterprise.”