Petya is the second major global ransomware attack of the last three months, after WannaCry, hitting Europe and the US after beginning in Ukraine. It is a type of malware that blocks access to data on Microsoft Windows and demands money in Bitcoin to release it.
How Does It Work?
The malicious software uses a payload that infects the system's master boot record (MBR), overwriting the Windows bootloader, and then initiates a restart. Like a worm, it spreads to other computer systems using the EternalBlue vulnerability. When the machine restarts, it executes the payload, encrypts the Master File Table of the NTFS file system, and then shows the ransom message demanding a payment in Bitcoin.
This cyber-attack has caused major disruptions in companies across Europe and the United States, including WPP, Saint-Gobain, and the global law firm DLA Piper, among others whose systems were infected by the Petya ransomware this year.
How Can You Protect Yourself?
Windows Defender Advanced Threat Protection (ATP) has helped companies detect, investigate, and respond to advanced attacks and data breaches on their networks. Symantec version 20170627.009 and Kaspersky security software can also help to identify and counter the ransomware. Moreover, keeping your system patched against the EternalBlue vulnerability will greatly reduce the chance of being affected and will secure your systems against future malicious attacks of this nature. Specifically, the malware checks for a read-only file at C:\Windows\perfc.dat, and if it finds it, it does not begin the encryption.
If, after a reboot, you see the encryption messages or the ransom demand, power the machine off immediately; if you do not power it back on, you can save the files. Do not pay the ransom, as the customer service email address has been shut down and it won't be possible to get the decryption key from Petya's operators to unlock your files anyway. Cut off your internet connection, reformat the hard drive, and restore your files from a backup. You should back up your important files on a regular basis and keep them protected by up-to-date anti-virus software.