Petya Ransomware – The latest rival Uncovered

June 29, 2017 | By Natasha Devotta

The IT world is facing yet another strain of ransomware: Petya, which is knocking down businesses in the UK, France, India, Ukraine and elsewhere in Europe. IT security experts will need an extra pair of eyes and sound security measures to stay ahead of such new threat variants.


What is Petya Ransomware

Petya ransomware is part of another wave of cyberattacks that has hit PC servers all across Europe, encrypting data and disrupting business services in the corporate sector. Ukraine and Russia have experienced the worst infections, but the attack has also affected a few organizations in the US and other Western European nations. So what exactly is the Petya ransomware attack, and how does it affect a PC? And what can you do to protect yourself or your organization against ransomware?

As of today, there are more reports of another wave of ransomware attacks (referred to in the media by several names, including Petya, Petrwrap, NotPetya and exPetr) spreading far and wide. It has focused mainly on organizations in Ukraine, Russia and Western Europe. If you were one of the unfortunate victims, the screen it displays may look unusual.

Petya is not quite the same as its predecessors: it does not encrypt files on your network. Instead, the victim's system reboots and the Master File Table (MFT) and the Master Boot Record (MBR) are disabled. The victim cannot access system files or data while the ransomware is in control, and access is unlocked only if the demanded ransom is paid on time. Petya replaces the MFT and MBR with its own malicious code, which displays the ransom note. Victims are left unable to reboot their systems. It has also been found that only a few antivirus products are effective at identifying Petya.

The ransomware carries custom tools, à la Mimikatz, that help it spread. It extracts credentials from the lsass.exe process and then passes them to PsExec to spread the infection throughout the network.
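As an added example (not from the original article), here is a detection check a defender could run for the sequence described above: a process reading lsass.exe, followed by PsExec activity on other machines. The flattened event format, host names, file paths, allowlist and ten-minute window are assumptions, and the events are constructed; PSEXESVC is the default service name PsExec installs on a target.

```python
from datetime import datetime, timedelta

# Assumption: processes expected to open lsass.exe here; tune per environment.
LSASS_ALLOWLIST = {r"c:\windows\system32\csrss.exe", r"c:\windows\system32\wininit.exe"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events (not real telemetry), flattened to dicts.
# event_id 10 = Sysmon ProcessAccess; 7045 = "service installed" (System log).
LSASS = r"C:\Windows\System32\lsass.exe"
EVENTS = [
    {"ts": "2024-01-15T10:58:02", "host": "WS-01", "event_id": 10,
     "SourceImage": r"C:\Windows\System32\csrss.exe", "TargetImage": LSASS},
    {"ts": "2024-01-15T11:02:10", "host": "WS-07", "event_id": 10,
     "SourceImage": r"C:\Users\Public\sample.exe", "TargetImage": LSASS},
    {"ts": "2024-01-15T11:03:41", "host": "SRV-02", "event_id": 7045, "ServiceName": "PSEXESVC"},
    {"ts": "2024-01-15T11:04:05", "host": "SRV-03", "event_id": 7045, "ServiceName": "PSEXESVC"},
    {"ts": "2024-01-15T14:30:00", "host": "SRV-09", "event_id": 7045, "ServiceName": "PSEXESVC"},
]


def find_lsass_then_psexec(events, window=WINDOW):
    """Flag hosts where a non-allowlisted process opened lsass.exe and PsExec's
    service (PSEXESVC) was then installed on other hosts within `window`."""
    evs = sorted((dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events),
                 key=lambda e: e["ts"])
    reads = [e for e in evs if e["event_id"] == 10
             and e["TargetImage"].lower().endswith(r"\lsass.exe")
             and e["SourceImage"].lower() not in LSASS_ALLOWLIST]
    installs = [e for e in evs if e["event_id"] == 7045
                and e["ServiceName"].upper() == "PSEXESVC"]
    findings = []
    for r in reads:
        spread = sorted({i["host"] for i in installs if i["host"] != r["host"]
                         and timedelta(0) <= i["ts"] - r["ts"] <= window})
        if spread:  # lsass access alone is noisy; the pairing is the signal
            findings.append({"origin": r["host"], "source_image": r["SourceImage"],
                             "spread_to": spread})
    return findings


if __name__ == "__main__":
    for f in find_lsass_then_psexec(EVENTS):
        print(f"{f['origin']}: {f['source_image']} read lsass.exe, "
              f"then PSEXESVC appeared on {', '.join(f['spread_to'])}")
```

The correlation here is by time only, so legitimate administrative PsExec use inside the window would also be flagged and needs triage.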

How Did Petya Ransomware Manage to Infect Systems So Rapidly?

Much like WannaCry, Petya uses the SMBv1 EternalBlue exploit, taking advantage of Windows machines that are still unpatched.

It is quite shocking that, even after knowing about the WannaCry issue for a fair amount of time, large enterprises and organizations have not yet implemented proper security measures to defend against such threats.

It comes as little surprise that, despite all the noise surrounding the Windows vulnerability that made WannaCry so infectious, the majority of organizations still fail to learn from the past and remain defenseless against such cyberattacks.

“Petya ransomware has been found successful in spreading the infection as it consolidates both a customer side assault (CVE-2017-0199) and a network-based infection (MS17-010),” a security researcher tweeted recently.

Precautionary Measures

1. Be cautious with suspicious files that arrive in emails from unknown senders. Click on links only if the source is known to be genuine.

2. Install an Internet security suite that combines next-generation techniques with robust antivirus software, a firewall and endpoint security.
