What You Need to Know About Petya Ransomware

 |   |  Security
CyberSecurity

You have likely heard the sayings “don’t reinvent the wheel,” and “imitation is the highest form of flattery.” Both aptly apply to Petya Ransomware, a threat currently affecting organizations worldwide. To explain, Petya is not new. First discovered in 2016, this form of ransomware that would not only encrypt files on the computer but also infect the Master Boot Record, preventing machines from booting into the Windows Operating System.

What is Petya?

Instead of “reinventing the wheel” by creating a new global threat, hackers made Petya even more dangerous by “imitating” WannaCry (a recent ransomware worm that took advantage of a Windows vulnerability in a way that had never been done with ransomware). In the past, ransomware would only affect a single machine and network drives the user had access to. While damaging, if regular backups were performed the network could return to a functional state in a reasonable period of time. What makes this new threat so dangerous is its ability to spread from computer to computer. Imagine, within hours, hundreds of PCs and servers being permanently decommissioned. This is happening as we speak to businesses throughout the world, especially in Europe.

How do I protect my network?

First and foremost, patch your computers and servers with the latest Windows Updates. The recommended Microsoft MS17-010 patch associated with the WannaCry vulnerability greatly reduces the chances of this worm from spreading throughout your network. Petya is able to spread from PC to PC using permissions associated with the current user signed into the machine. Following best practice guidelines of not giving standard user accounts administrative privileges on the network or the domain will also greatly reduce the threat of this worm spreading.

When dealing with any security threat, follow these best practices:

  • Be cautious of what emails and attachments you open.
  • If you have questions about an email, attachment or webpage, bring it to your organization’s IT or security experts before doing anything. You can also reach out to us.
  • Patch your systems with the latest Windows updates.
  • Educate your users. They are more likely to be the cause of a security incident than an attack from the outside. Security awareness training makes your whole organization safer.

This threat is still evolving and we’ll keep you updated as needed. As always, if you have any questions or concerns, don’t hesitate to reach out to us!

Eric Monda

Eric Monda

Eric Monda is a Senior IT Security Analyst and has been with ADNET Technologies since 2006. His extensive experience in the field combined with his background in IT allow him to fully understand the technical needs of clients while providing solutions for the security issues organizations face.

Read full bio >