Petya ransomware is yet another cyber attack that is streaking through the Internet and encrypting computers around the world. The ransomware has already crippled organisations in the United States and in Europe. The attack comes barely two months after WannaCry, another ransomware attack that affected more than 200 000 computers in more than 150 countries. Just like WannaCry, the Petya ransomware spreads rapidly through networks that use Microsoft Windows. Computers infected by this ransomware display a message demanding a $300 bitcoin ransom. Those who pay are asked to send confirmation of payment to an email address. The email address has reportedly been shut down by the email service provider.
More about the Petya ransomware
The Petya ransomware belongs to a family of encrypting malware that was first discovered in 2016. The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload which encrypts the NTFS file table. A payment in bitcoin is demanded in order to regain access to the system. The new variant of Petya ransomware exploits the EternalBlue vulnerability, which WannaCry also used earlier in the year.
What to do if affected
Microsoft has released a few patches that protect against attacks on known vulnerabilities, and you should have them installed. Read more about these patches on Microsoft’s blog. An infected computer will wait 1 hour before rebooting. Once this happens you should switch off the computer and try to save your files, as the malware imitates a CHKDSK repair process while it encrypts your files. See the tweet below from Hacker Fantastic:
If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
— Hacker Fantastic (@hackerfantastic) June 27, 2017
It’s very important to remember not to pay the ransom as the email address for ransom payment confirmation has already been shut down.
This attack is yet another reason for organisations to up their security game. Zimbabwe was recently assessed to be the most vulnerable country to cyber attacks in the National Exposure Index. Warning signals have already gone off locally, with a recent attack on the Harare Institute of Technology attracting a lot of media attention.