Petya, NotPetya ransomware malware causing havoc
A little info on Petya ransomware
Yesterday, we saw a new variant of the Petya ransomware. This ransomware has hit the news as it has swept across the globe. It has impacted a wide range of industries and organisations, including some critical infrastructure such as banking, energy and transport systems.
(To skip the history and find out if you are at risk talk to us now!)
This variant is a new type of multi-vector ransomware. This ransomware doesn’t attack a system in a single way or have seemingly one goal. It takes advantage of a number of exploits. This ransomware is designed to move across multiple systems automatically. Once on a network (such as your business network) it spreads across it quickly rather than staying in one place. From what we can see Petya uses some of the same vulnerabilies as WannaCry did recently. A large number of networks still have not been able to apply the patches for these and so are still at risk.
Another way in which this variant is different to other similar attacks is how it is attacking a broad range of networks and is nowhere near as focused as it’s counterparts. It will attack any device that it can exploit. Initial reports seem to indicate that this started with the distribution of an Excel document via e-mail. Once this Excel document was opened it leveraged certain exploits with Exxcel as well as with Windows. This is another reason it has been so succesful, this multi-faceted attack is a much more intelligent way of hacking. That combined with the broad brush nature of the distribution has made this a very nasty incident.
If I pay the petya ransomware will my data be safe?
No, this is a simple to answer question. With this particular ransomware there seems to be no mechanism built into the software to allow you to undo the damage. So any payment is entirely for nothing.
How to Stop Petya ransomware
The best ways to stop Petya and all ransomware for that matter is with good security practices. Initially ensure you have fully patched all systems in as timely a fashion as possible. Ensure firewalls and anti-virus are properly configured and updated. Next you need to make sure staff are aware. Anything that does get past any external filters will then be dealt with in an appropriate manner.
- Regular penetration testing – check hackers can’t get in!
- Staff awareness training – Make sure staff know how to react
- Regular staff testing – Test staff awareness by using simulated phishing