The latest ransomware in the cyberspace called “Petya” is infecting computers around the world at an incredible speed. It uses a vulnerability in the Windows OS that Microsoft patched in March 2017 — notably, it is the same virus that was exploited by the recent and prolific WannaCry ransomware strain.
What is Ransomware?
Ransomware is a type of malicious software (malware) that prevents access to a computer or its data and demands payment to release it.
How does it work?
When a PC is infected by the malware, it quickly and secretively encrypts essential documents and files and then demands a ransom. The user needs to make the payment through Bitcoin, to get the digital key to unlock the encrypted files. Generally, victims across the globe choose to go with a recent back-up of the files. At times, paying up the ransom doesn’t guarantee retrieving all lost files.
Petya – What is it?
Petya is a latest ransomware virus. The malicious software targets computers and infects them, in the process, it gets to encrypts some of the data on it. With this secretively happening in the background, the computer owner is shown a message which explains how to pay through Bitcoin to get the keys for getting their data back.
The name of the malware is derived from the popular James Bond film GoldenEye where a satellite named Petya is the sinister plot in the 1995 blocker-buster. The malware’s author released a picture of the actor Alan Cumming, who played the villain, as its avatar in the suspected Twitter account.
Several companies in Europe and the US have been paralyzed by the “Petya” ransomware attack. Notably, this includes large firms such as the food company Mondelez, advertiser firm WPP, legal firm DLA Piper and Danish shipping and transport firm Maersk. As mentioned above, this led to computers and data being locked up and held for ransom.
After a day when the attack began, a minimum of 2,000 attacks was recorded across 64 countries. Everything began with Ukraine organizations taking the first hit which included a central bank, main international airport, and even the Chernobyl nuclear facility. From then on it quickly spread around the globe. Of late, few Australian companies too complained of becoming a victim to Petya attacks.
How can it be stopped?
The security researcher at the International Computer Science Institute and a lecturer at UC Berkeley – Nicholas Weaver described Petya as a well-engineered and destructive ransomware strain.
It is a masquerading ransomware – pseudonymous security researcher Grugq described that the real Petya “was a criminal enterprise for making money,” however, the new version “is definitely not designed to make money. Ukrainian authorities blamed Russia for previous cyber-attacks, including one on its power grid at the end of 2015 that left part of western Ukraine temporarily without electricity. Russia denied all the claims.
Petya malware infects computers and then remains dormant at least for an hour’s time before the machine reboots. When the computer reboots, the user needs to turn the computer OFF to prevent the files from being encrypted. In case the system reboots with the ransom note, just don’t pay the ransom. Simply, disconnect the computer from the internet, reformat the hard drive and reinstall the files from your backup. In order to do this, a user has to back up their files regularly and keep their anti-virus program up to date.
Comodo’s patented containment technology blocks threats or harmful files from attacking your computers. If you are in search of a good antivirus program, Comodo Anitvirus is your best bet. For more details visit the official page.