Petya Ransomware: Is your data at risk?

A new ransomware named Petya hit high-profile targets in multiple countries, including the United States, on Tuesday. Tens of thousands of infections have been reported globally, just one month after the WannaCry outbreak.

While Petya has not infiltrated as many machines as the WannaCry ransomware did in May, it is more powerful, professional, and dangerous than last month’s WannaCry attack, and it uses the same type of exploit to target vulnerabilities in Microsoft’s operating system. In addition, this ransomware takes it a step further and utilizes an MBR (Master Boot Record) locker, which prevents computers from rebooting. Once a machine is infected, the attack can spread laterally across a network, infecting multiple systems within an organization. However, unlike WannaCry, it does not have a kill switch, so there’s no apparent way to end the outbreak.


BACK UP YOUR DATA: To reiterate some of our previous articles, the best protection remains a reliable and proven backup strategy, especially since the encryption used by the Petya ransomware is secure and at this time there is no way to decrypt the data. The only way to get the data back is by paying the ransom or by restoring from secure offsite backups.

KEEP YOUR OPERATING SYSTEM UPDATED: In addition to secure data backups, you need to make sure that all critical Windows updates are installed. This is a very important step in protecting your system, as Petya’s main infection vector is the same as the WannaCry vulnerability, which has been patched for several months now.

INSTALL & UPDATE A GOOD ANTI-MALWARE PROGRAM: Apart from regular backups and system updates, you do need to install an up-to-date anti-malware program. You will be glad to hear that Emsisoft Anti-Malware has proven to be a good defense, as it catches the ransomware’s attempt to infect the system before it can execute, thus protecting users from this and hundreds of other ransomware families. And as always, it is important that even the best anti-malware software be kept up to date.


DON'T CLICK ON ANYTHING SUSPICIOUS: Lately we have seen an escalation of phishing scams. Phishing attacks have several key characteristics. They use email or text messages that appear to be from large, well-known organizations. Hackers will often make their messages look like an email from a bank or financial institution. Emails that look like they are from universities or major online organizations such as PayPal or eBay are also common. Hackers will send these fraudulent messages to thousands of people.

These messages usually have malware-ridden attachments (ransomware). When people download them, the malware infects the victim’s computer. Another tactic is to include a link to a website controlled by the hacker. The hacker then uses the website to spread malware.

Lately, however, we have seen an increase in sophistication. The emails now appear to be from someone you may know or have done business with. The email may even seem like it is a reply to an email you have sent. The common theme here is that there is always a download or a link to a website involved. The bottom line is not to click or download anything that you’re not 100% familiar with.


With our managed services, we can make sure your data is backed up and your systems are updated and protected from malware. Give us a call today at 484-753-7200.