Companies are again at the mercy of a global ransomware attack. This time it is known as “Petya”.
Reminiscent of the WannaCry epidemic last month that affected 99 countries, this virus attacks the operating system through its Server Message Block protocol (SMB), encrypting data and then demanding a ransom to unlock it.
David Sykes, business security expert at Sophos, explained to Business Insider in further detail what the new cyberattack is and what it does.
Petya was first discovered in 2016 – it is ransomware that encrypts the MFT (Master File Table) and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer.
This new variant is particularly virulent because it uses multiple techniques to spread automatically within a company’s network once the first computer is infected.
The exploit attacks the vulnerable Windows Server Message Block (SMB) service, which is used to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin in March, but the exploit proved instrumental in the spread of WannaCry last month.
The new Petya variant can also spread by using a version of the Microsoft PsExec tool in combination with admin credentials from the target computer.
Here’s how Sykes suggests people protect themselves:
- Ensure systems have the latest patches.
- Consider blocking the Microsoft PsExec tool from running on users’ computers. A version of this tool is used as part of another technique that the Petya variant uses to spread automatically.
- Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
- Avoid opening attachments in emails from senders you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.
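
Where PsExec cannot be blocked outright, its use can at least be watched for. The sketch below is an added example, not from Sophos or the original article: it scans Windows "service installed" events (System log, event ID 7045) for PsExec's default service, PSEXESVC, and alerts when several hosts show it within a short window, the pattern automatic spread would leave. The JSON field names, host names, sample events and thresholds are constructed assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: System-log events exported as JSON lines (field names assumed).
SAMPLE_EVENTS = r"""
{"time": "2017-06-27T11:02:10", "host": "WS-014", "event_id": 7045, "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"}
{"time": "2017-06-27T11:03:45", "host": "WS-022", "event_id": 7045, "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"}
{"time": "2017-06-27T11:04:05", "host": "WS-031", "event_id": 7045, "service_name": "svc-update", "image_path": "%SystemRoot%\\PSEXESVC.exe"}
{"time": "2017-06-27T11:04:30", "host": "FS-01", "event_id": 7045, "service_name": "Backup Agent", "image_path": "C:\\Program Files\\Backup\\agent.exe"}
{"time": "2017-06-27T11:05:00", "host": "WS-014", "event_id": 7036, "service_name": "PSEXESVC", "image_path": ""}
{"time": "2017-06-27T11:06:00", "host": "WS-040", "event_id": 7045, "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"}
{"time": "2017-06-27T15:30:00", "host": "ADMIN-01", "event_id": 7045, "service_name": "PSEXESVC", "image_path": "%SystemRoot%\\PSEXESVC.exe"}
"""

def is_psexec_install(ev):
    """True for event 7045 whose service name or binary matches PsExec's defaults.
    A fully renamed service and binary will not match; treat this as one signal."""
    if ev.get("event_id") != 7045:
        return False
    name = ev.get("service_name", "").lower()
    image = ev.get("image_path", "").lower()
    return name == "psexesvc" or image.endswith("psexesvc.exe")

def find_spread(lines, min_hosts=3, window=timedelta(minutes=10)):
    """Return (first_seen, last_seen, hosts) for each burst in which at least
    min_hosts distinct hosts installed the PsExec service within the window."""
    events = (json.loads(l) for l in lines if l.strip())
    hits = sorted((datetime.fromisoformat(ev["time"]), ev["host"])
                  for ev in events if is_psexec_install(ev))
    alerts, start = [], 0
    for end in range(len(hits)):
        # Slide the window start forward until it spans at most `window`.
        while hits[end][0] - hits[start][0] > window:
            start += 1
        hosts = sorted({h for _, h in hits[start:end + 1]})
        if len(hosts) >= min_hosts:
            alert = (hits[start][0], hits[end][0], hosts)
            if alerts and alerts[-1][0] == alert[0]:
                alerts[-1] = alert      # same burst, extend it
            else:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    for first, last, hosts in find_spread(SAMPLE_EVENTS.splitlines()):
        print(f"PsExec service installed on {len(hosts)} hosts between {first} and {last}: {hosts}")
```

The single install on ADMIN-01 hours later does not alert on its own, which keeps routine administrative use of PsExec from drowning out the burst.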