Petya Malware

Another major malware attack occurred shortly after the recent WannaCry outbreak. A new variation of the Petya ransomware called NotPetya infiltrated businesses around the globe.

The latest outbreak started in Ukraine but spread to businesses throughout Europe and the United States. The malware exploits vulnerabilities in the Microsoft file-sharing protocol and the RTF document-handling function. Once the ransomware gets in through one of these security holes and downloads to a computer, it starts shutting the computer down. The PC then shows a screen that appears to be a standard check disk operation. This fake check disk operation is actually the ransomware encrypting your files. Once the encryption process ends, the computer shuts down and reboots. Afterward, the user sees a notice that the ransomware encrypted their files and that they must send $300 worth of bitcoins to an email address.

The originator of the latest Petya variant, NotPetya, pirated the original ransomware. The program still demands a ransom but does not allow users to regain access once they pay. The NotPetya originator programmed disk wipers into the malware, so once the software executes, it destroys data.

The latest Petya outbreak affected companies, organizations, and government agencies around the globe including:

  • Maersk, the transport and logistics conglomerate
  • Merck Pharmaceuticals
  • Heritage Valley Health System
  • DLA Piper law firm in Washington DC

How can you protect yourself from ransomware?

  • You must back up your devices. SwiftTech can wipe your devices of the malware, and then migrate the latest working version of your data back into your device. If you do not run regular backups and you experience a breach, you will lose the work you stored on the devices, such as reports, projects, and client proposals.
  • Stay up to date with operating system patches. Many ransomware variants enter through unpatched systems. If even one device on the network is not up to date, it leaves an entry point for malware to come in and infect other patched systems.
  • Make sure your business is using systems still supported by Microsoft. If you are using Windows 7 or an older operating system, upgrade to Windows 10.
  • Run an anti-virus scan on your device. The major anti-virus programs will update their software to include fixes for the latest attacks, including variants of Petya. Paid versions of anti-virus programs will monitor devices in the background and quarantine malicious downloads.
  • Do not click on email links from unknown senders.
  • Do not pay the ransom. There is no guarantee you will get your data back once you pay, especially if NotPetya attacks the device. Also, paying the ransom encourages cybercriminals to develop similar ransomware variants.
  • If someone allegedly from Microsoft contacts you unexpectedly, claims you have a virus, and offers to help, do not reply. Either you or SwiftTech needs to reach out to Microsoft for device support, not the other way around. If you have any doubts, you can follow up with SwiftTech.

What is included in Security as a Service?

Our Security as a Service provides additional protection against Petya and other malware variants:

  • Ransomware Protection
  • Email Security
  • Web Security
  • Enterprise Anti-Virus & Anti-Malware Protection
  • Intrusion Prevention, Detection, & Management
  • Security Monitoring

If your business is interested in subscribing to our Security as a Service, contact us at 877-794-3811 or email info@swifttechsolutions.com.
