In late June, a new ransomware attack was announced that was quickly spreading across the globe. Since then, after further analysis, it appears that this Petya ransomware isn’t in fact ransomware: it’s a wiper. Petya ransomware encrypts the master boot records of infected Windows computers, thus making the affected machines unusable. Because of the way the virus works, there appears to be no way for the attacker to decrypt a victim’s files – so don’t pay the ransom! It seems incredibly unlikely that victims would ever get their data restored.
The other notable aspect of Petya is that it uses a tool to obtain user credentials. It then uses these credentials to access other systems and infect other machines. An infected system’s files are encrypted with a 128-bit Advanced Encryption Standard algorithm. With this encryption method, it appears that files can’t be restored.
How Do Viruses & Ransomware Hurt You?
The potential harm from this malicious virus and other ransomware and malware infections includes:
- Temporary and permanent loss of sensitive or proprietary information
- Disruption to regular business operations
- Financial losses incurred to restore systems and files
- Potential harm to a business’s reputation
The best way to deal with these problems is to avoid them in the first place. There are steps you can take to improve your cybersecurity.
How can you tell if you are protected? Petya has significant overlap with WannaCry (a ransomware strain that appeared in May 2017). If you took measures after the WannaCry outbreak, that will help protect you from Petya.
OXEN clients who have managed WorryFree Desktop, WorryFree Server, or Network Essentials plans are patched against known vulnerabilities and include Webroot and Malwarebytes for further anti-virus and anti-malware protection. Clients who have Anti-Virus or Anti-Malware plans only may still be at risk.
What can you do to protect yourself?
- Make sure your desktop and server operating systems are completely patched and up to date all the time. Microsoft has issued patches for the exploits that Petya and WannaCry use. In fact, a patch issued in March pre-dated the WannaCry attack, but many organizations hadn’t applied it. Apply updates immediately!
- If your operating systems are out of date, upgrade. Old, unsupported operating systems like Windows XP and Windows Server 2008 are specifically targeted by attackers because they lack ongoing security updates. And remember: Windows Vista reached end of life in April 2017. Windows 7 will be next. Upgrade to Windows 10 for the best protection.
- Enable strong spam filters to prevent phishing and malicious emails from reaching your users. (Is your email security tool good enough?)
- Ensure you have a strong and updated next-generation firewall.
- Make sure you have strong anti-virus and anti-malware tools that conduct regular scans.
- Lock down users’ permissions and restrict administrative privileges to those users who absolutely need them. This is the principle of “least privilege”.
- Restrict access to files and directories that users do not need.
- Disable macro scripts from Microsoft Office files transmitted by email.
- Implement employee education programs such as annual Security Training to teach staff about scams, malicious links, social engineering, and more. Educated employees are often the most important line of defense against cyber attacks.
- Regularly run penetration tests against your network (at least once a year!) and address any vulnerabilities or issues. (Interested in an assessment of your network’s performance and security?)
- Back up your data and regularly test your backups to ensure they can be restored correctly.
OXEN Managed Services can help protect you against these threats and similar outbreaks of ransomware and viruses.
Don’t pay the ransom. Petya ransomware is a malicious wiping virus, and not truly ransomware. But this rule goes for true ransomware and other variants as well. Do not trust that an attacker will unlock your files if you pay up. They may or may not… or they may not be able to, as in the case of Petya.
If you have questions about your cybersecurity or fear that your systems may be infected with a virus, contact us immediately so we can help.
Source: TA17-181A: Petya Ransomware – https://www.us-cert.gov/ncas/alerts/TA17-181A