Latest Version of Petya Malware Attacked Businesses Worldwide

 

Another major malware attack occurred shortly after the recent WannaCry outbreak. A new variation of the Petya ransomware called NotPetya infiltrated businesses around the globe.

The latest outbreak originated in Ukraine but spread to businesses throughout Europe and the United States. The malware exploits vulnerabilities in the Microsoft file sharing protocol and the RTF document handling function. Once the ransomware gets in through one of these security holes and downloads to a computer, it starts the process of shutting down the computer. The PC then transitions to a screen that appears to be a standard check disk operation. In reality, this fake check disk operation is the ransomware encrypting your files. Once the encryption process ends, the computer shuts down and reboots. Afterward, the user sees a notice that their files have been encrypted and an instruction to send $300 worth of bitcoins to an email address.

The originator of the latest Petya variant, NotPetya, pirated the original ransomware. The program still demands a ransom, but does not allow users to regain access once they pay. The NotPetya originator programmed disk wipers into the malware. Once the software is executed, the malware will completely destroy data.

The latest Petya outbreak affected companies, organizations, and government agencies around the globe including:

• Maersk, the transport and logistics conglomerate
• Merck Pharmaceuticals
• Heritage Valley Health System
• DLA Piper law firm in Washington DC 


What can you do?

You must back up your devices. SwiftTech can wipe your devices of the malware, and then migrate the latest working version of your data back onto your device. If you don’t run regular backups and you get attacked, you'll likely lose the work you stored on the devices, such as reports, projects, and client proposals.

• Stay up to date with operating system patches. Many ransomware variants enter through unpatched systems. If even one device on the network is not kept up to date, it leaves an entry point for malware to come in and infect other fully patched systems. 

• Make sure your business is using systems still supported by Microsoft. If you are using Windows Vista or an older operating system, upgrade to Windows 10.

• Run an anti-virus scan on your device. The major anti-virus programs, including Trend Micro, will constantly update their software to include fixes for the latest attacks, including variants of Petya. Paid versions of antivirus programs will monitor devices in the background continuously and quarantine malicious downloads. 

• Don’t click on email links from unknown senders.

• Don’t pay the ransom. There is no guarantee you will get your data back once you pay, especially if the device is attacked by NotPetya. Also, paying the ransom encourages cybercriminals to develop similar ransomware variants. 

• If someone allegedly from Microsoft contacts you out of the blue, claims you have a virus, and offers to help, do not reply. Either you or SwiftTech needs to reach out to Microsoft for device support, not the other way around. If you have any doubts, you can follow up with SwiftTech.


Our Security as a Service provides additional protection against Petya and other malware variants:

• Ransomware Protection

• Email Security

• Web Security

• Enterprise Anti-Virus & Anti-Malware Protection

• Intrusion Prevention, Detection, & Management

• Security Monitoring

If your business is interested in subscribing to our Security as a Service, contact us at 877-794-3811.

 


 
