Update on Petya ransomware: It’s a wiper

July 10, 2017 | Security
In late June, a new ransomware attack was announced that was quickly spreading across the globe. Since then, after further analysis, it appears that this Petya ransomware isn’t in fact ransomware: it’s a wiper. Petya ransomware encrypts the master boot records of infected Windows computers, thus making the affected machines unusable. Because of the way the virus works, there appears to be no way for the attacker to decrypt a victim’s files – so don’t pay the ransom! It seems incredibly unlikely that victims would ever get their data restored.

The other notable aspect of Petya is that it uses a tool to obtain user credentials. It then uses these credentials to access other systems and infect other machines. An infected system’s files are encrypted with a 128-bit Advanced Encryption Standard algorithm. With this encryption method, it appears that files can’t be restored.

How Do Viruses & Ransomware Hurt You?

The potential harms of this malicious virus and other ransomware and malware infections include:

  • Temporary and permanent loss of sensitive or proprietary information
  • Disruption to regular business operations
  • Financial losses incurred to restore systems and files
  • Potential harm to a business’s reputation

The best way to deal with these problems is to avoid them in the first place. There are steps you can take to improve your cybersecurity.

Recommended Solutions

How can you tell if you are protected? Petya has significant overlap with WannaCry (a ransomware strain that appeared in May 2017). If you took measures after the WannaCry outbreak, that will help protect you from Petya.

OXEN clients who have managed WorryFree Desktop, WorryFree Server, or Network Essentials plans are patched against known vulnerabilities and include Webroot and Malwarebytes for further anti-virus and anti-malware protection. Clients who have Anti-Virus or Anti-Malware plans only may still be at risk.

What can you do to protect yourself?

  • Make sure your desktop and server operating systems are completely patched and up to date all the time. Microsoft has issued patches for the exploits that Petya and WannaCry use. In fact, a patch issued in March pre-dated the WannaCry attack, but many organizations hadn’t applied it. Apply updates immediately!
  • If your operating systems are out of date, upgrade. Old, unsupported operating systems like Windows XP and Windows Server 2008 are specifically targeted by attackers because they lack ongoing security updates. And remember: Windows Vista reached end of life in April 2017. Windows 7 will be next. Upgrade to Windows 10 for the best protection.
  • Enable strong spam filters to prevent phishing and malicious emails from reaching your users. (Is your email security tool good enough?)
  • Ensure you have a strong and updated next-generation firewall.
  • Make sure you have strong anti-virus and anti-malware tools that conduct regular scans.
  • Lock down users’ permissions and restrict administrative privileges to those users who absolutely need them. This is the principle of “least privilege”.
  • Restrict access to files and directories that users do not need.
  • Disable macro scripts from Microsoft Office files transmitted by email.
  • Implement employee education programs such as annual Security Training to teach staff about scams, malicious links, social engineering, and more. Educated employees are often the most important line of defense against cyber attacks.
  • Regularly run penetration tests against your network (at least once a year!) and address any vulnerabilities or issues. (Interested in an assessment of your network’s performance and security?)
  • Back up your data and regularly test your backups to ensure they can be restored correctly.

OXEN Managed Services can help protect you against these threats and similar outbreaks of ransomware and viruses.

And finally…

Don’t pay the ransom. Petya ransomware is a malicious wiping virus, and not truly ransomware. But this rule goes for true ransomware and other variants as well. Do not trust that an attacker will unlock your files if you pay up. They may or may not… or they may not be able to, as in the case of Petya.

If you have questions about your cybersecurity or fear that your systems may be infected with a virus, contact us immediately so we can help.

 

Source: TA17-181A: Petya Ransomware – https://www.us-cert.gov/ncas/alerts/TA17-181A

