As Ukraine reels from the Petya ransomware attack, cyber security experts are warning that it is not just large corporations that are exposed to the malware but consumers too. If you are running an operating system that can be easily exploited, you need to protect yourself to avoid being crippled.
Like WannaCry, which almost destroyed the UK’s National Health Service, this malware is believed to be using the EternalBlue exploit. This was a software vulnerability in Microsoft’s Windows system. The company immediately issued a patch to protect users from EternalBlue.
So far Petya has caused significant disruption to many major European firms and has also hit the US, where Heritage Valley Health System, which runs care facilities and hospitals in Pittsburgh, was hit. Who is behind the attack is still unknown at this stage, although Ukraine has pointed the finger at Russia.
What Is Petya Ransomware?
The ransomware attack known as “Petya” has spread through large companies such as Mondelez, the food company, and transport firm Maersk, locking up data and asking for a ransom. When a computer becomes infected, the ransomware encrypts important files and documents, then demands a ransom of $300 in Bitcoin. A digital key is required to unlock the files; without it, you risk losing them. If you haven’t yet applied the patch for the EternalBlue vulnerability, then your computer is most definitely at risk.
What To Do If You Are Affected
Switch Off Immediately If Your System Reboots
This ransomware will infect your computer, then wait for around an hour before it reboots your machine. While it is restarting, quickly switch the computer off to prevent your files from being encrypted. If the system reboots and you see the ransom note, do not pay it: the email address has been shut down, so you can’t get the decryption key anyway. Disconnect your computer from the internet, then reformat the hard drive, and finally reinstall your files from backup. Make sure you keep backing up your data on a regular basis and ensure your anti-virus software is up to date, as most antivirus companies already have patches to stop Petya.
Disable Windows Reboot
Some Windows systems have been configured to reboot if they crash, so make sure you disable this feature. If you prevent the Master File Table (MFT) from being encrypted, you will still be able to recover the data from your local disk.
Other Recommendations For Home Users
- Switch your automatic updates on immediately so that you can receive the latest patches
- Ensure you enable User Account Control (UAC) on the endpoint and operate as a standard user
- Use cloud backup or an online storage provider
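The settings named in the two sections above (automatic restart after a crash, User Account Control, automatic updates, running without administrator rights) can be checked from PowerShell. The script below is an added example, not part of the original article; the `-Fix` switch and the `Get-RegValue` helper are this script's own names, and it only reads settings unless `-Fix` is passed.

```powershell
# Added example: audit the hardening settings recommended in this article.
# Read-only by default; -Fix (this script's own switch) disables automatic restart on crash.
param([switch]$Fix)

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$crash = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
$uac   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$wuPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

# Is this session running with administrator rights (elevated)?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

if ($Fix) {
    if (-not $elevated) { throw 'Run from an elevated prompt to use -Fix.' }
    # AutoReboot = 0 turns off "Automatically restart" under Startup and Recovery
    Set-ItemProperty -Path $crash -Name AutoReboot -Value 0 -Type DWord
}

$autoReboot = Get-RegValue $crash 'AutoReboot'      # 1 = restart after a crash
$enableLua  = Get-RegValue $uac   'EnableLUA'       # 1 = UAC enabled
$noAuto     = Get-RegValue $wuPol 'NoAutoUpdate'    # 1 = updates disabled by policy
$wuService  = Get-CimInstance Win32_Service -Filter "Name='wuauserv'"

$checks = @(
    [pscustomobject]@{ Setting = 'Automatic restart on crash disabled'
                       Value   = $autoReboot
                       OK      = ($autoReboot -eq 0) }
    [pscustomobject]@{ Setting = 'User Account Control enabled'
                       Value   = $enableLua
                       OK      = ($enableLua -eq 1) }
    [pscustomobject]@{ Setting = 'Automatic updates not disabled by policy'
                       Value   = $noAuto
                       OK      = ($noAuto -ne 1) }
    [pscustomobject]@{ Setting = 'Windows Update service not disabled'
                       Value   = $wuService.StartMode
                       OK      = ($wuService.StartMode -ne 'Disabled') }
    [pscustomobject]@{ Setting = 'Session is not running elevated'
                       Value   = $elevated
                       OK      = (-not $elevated) }
)

$checks | Format-Table -AutoSize
```

The last check is expected to report `False` when the script itself is started from an elevated prompt, as it must be for `-Fix`.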
Experts say that Petya ransomware cannot encrypt the files themselves, as it encrypts the Master File Table, which is an index of where data are stored on the hard disk drive. With no index, it is hard to locate the files on the disk.
Finally, common sense is always a great tool to use. If you don’t know who the email is from, do not open the attachment, and even if you do know the sender, double-check that they really sent you an attachment to open.