Update on Petya ransomware: It’s a wiper

By July 10, 2017 December 13th, 2017 Security

In late June, a new ransomware attack was announced that was quickly spreading across the globe. Since then, after further analysis, it appears that this Petya ransomware isn’t in fact ransomware: it’s a wiper. Petya ransomware encrypts the master boot records of infected Windows computers, thus making the affected machines unusable. Because of the way the virus works, there appears to be no way for the attacker to decrypt a victim’s files – so don’t pay the ransom! It seems incredibly unlikely that victims would ever get their data restored.

The other notable aspect of Petya is that it uses a tool to obtain user credentials. It then uses these credentials to access other systems and infect other machines. An infected system’s files are encrypted with a 128-bit Advanced Encryption Standard algorithm. With this encryption method, it appears that files can’t be restored.

How Do Viruses & Ransomware Hurt You?

The potential harms of this malicious virus and of other ransomware and malware infections include:

  • Temporary and permanent loss of sensitive or proprietary information
  • Disruption to regular business operations
  • Financial losses incurred to restore systems and files
  • Potential harm to a business’s reputation

The best way to deal with these problems is to avoid them in the first place. There are steps you can take to improve your cybersecurity.

Recommended Solutions

How can you tell if you are protected? Petya has significant overlap with WannaCry (a ransomware strain that appeared in May 2017). If you took measures after the WannaCry outbreak, that will help protect you from Petya.

OXEN clients who have managed WorryFree Desktop, WorryFree Server, or Network Essentials plans are patched against known vulnerabilities and include Webroot and Malwarebytes for further anti-virus and anti-malware protection. Clients who have Anti-Virus or Anti-Malware plans only may still be at risk.

What can you do to protect yourself?

  • Make sure your desktop and server operating systems are completely patched and up to date all the time. Microsoft has issued patches for the exploits that Petya and WannaCry use. In fact, a patch issued in March pre-dated the WannaCry attack, but many organizations hadn’t applied it. Apply updates immediately!
  • If your operating systems are out of date, upgrade. Old, unsupported operating systems like Windows XP and Windows Server 2008 are specifically targeted by attackers because they lack ongoing security updates. And remember: Windows Vista reached end of life in April 2017. Windows 7 will be next. Upgrade to Windows 10 for the best protection.
  • Enable strong spam filters to prevent phishing and malicious emails from reaching your users. (Is your email security tool good enough?)
  • Ensure you have a strong and updated next-generation firewall.
  • Make sure you have strong anti-virus and anti-malware tools that conduct regular scans.
  • Lock down users’ permissions and restrict administrative privileges to those users who absolutely need them. This is the principle of “least privilege”.
  • Restrict access to files and directories that users do not need.
  • Disable macro scripts from Microsoft Office files transmitted by email.
  • Implement employee education programs such as annual Security Training to teach staff about scams, malicious links, social engineering, and more. Educated employees are often the most important line of defense against cyber attacks.
  • Regularly run penetration tests against your network (at least once a year!) and address any vulnerabilities or issues. (Interested in an assessment of your network’s performance and security?)
  • Back up your data and regularly test your backups to ensure they can be restored correctly.

OXEN Managed Services can help protect you against these threats and similar outbreaks of ransomware and viruses.

And finally…

Don’t pay the ransom. Petya ransomware is a malicious wiping virus, and not truly ransomware. But this rule goes for true ransomware and other variants as well. Do not trust that an attacker will unlock your files if you pay up. They may or may not… or they may not be able to, as in the case of Petya.

If you have questions about your cybersecurity or fear that your systems may be infected with a virus, contact us immediately so we can help.


Source: TA17-181A: Petya Ransomware – https://www.us-cert.gov/ncas/alerts/TA17-181A
