Petya Ransomware Attack – You Can Stop it

Following on from the WannaCry ransomware attack, many countries are seeing infections from a second attack, called Petya (or, confusingly, NotPetya or a variety of other names, such as Goldeneye). The naming confusion comes from the fact that it was initially identified as an existing malware called Petya, but subsequently it was found to be quite different.

As with previous ransomware infections, the virus will look to jump from one computer to another on a network, where it will encrypt files and demand a ransom to release them. In this case there is some doubt that the intention of the attack is actually to obtain a ransom – and importantly the method of communication with the attackers has been shut down so even if you did pay the demand you would have no way of alerting them to the fact (so don’t pay it!).

What does this mean for your business?

With each attack the importance of internal security measures becomes more apparent:

  • keeping your operating system (i.e. Windows etc.) up to date with updates and patches
  • having a good antivirus program on all computers
  • ensuring good password management
  • knowing what to do in the event of an attack

Specifically with this attack there are one or two things in addition that can be done to prevent or minimise any potential damage:

  • It has been discovered that this latest strain checks for a read-only file (C:\Windows\perfc.dat) and, if it finds it, halts the encryption process. It will, however, still attempt to infect other computers on the network.
  • If you do get infected, your computer will reboot with a message saying ‘Repairing file system on C’. If you turn off your computer at this point it will halt the encryption process, allowing you to rescue the files to another machine.
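
One way to put the read-only marker file from the first point in place and confirm it is there, as an added example that is not part of the original post. The function name `Set-PerfcMarker` and its parameter are hypothetical, and it assumes an elevated PowerShell prompt, because C:\Windows is not writable otherwise.

```powershell
# Added example: Set-PerfcMarker is a hypothetical helper, not from the post.
# The default path is the one the post names. Run elevated.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Parameterised so the function can be tried on a scratch path first.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    # Create an empty file only if nothing is there yet (safe to re-run).
    $present = Test-Path -LiteralPath $Path -PathType Leaf
    if (-not $present -and $PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
        $present = $true
    }

    $readOnly = $false
    if ($present) {
        $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
        # The post says the file must be read-only, so set the attribute if missing.
        if (-not $item.IsReadOnly -and $PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
        # Re-read from disk so the report reflects the real state.
        $readOnly = (Get-Item -LiteralPath $Path -Force).IsReadOnly
    }

    # Return an object so results from many machines can be collected and filtered.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Present  = $present
        ReadOnly = $readOnly
    }
}

# Use -WhatIf to preview the changes without making them.
Set-PerfcMarker
```

A machine is only covered when both `Present` and `ReadOnly` come back `True`. As the post notes, the marker only halts encryption on that machine, so it does not replace patching.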

If it gets as far as the ransom note, it will be a case of reformatting your hard drive and restoring your files from your backup – you do have one, don’t you?