What is Petya Ransomware and How to Avoid a Petya Attack?

Petya is a type of ransomware attack that affects the Windows operating system. Petya is a family of encrypting ransomware that was first discovered.

It finds your files, encrypts them, and then leaves you a message: if you want them decrypted, you have to pay. The ransomware encrypts the data on the computer with an encryption key that only the attacker knows, so if the ransom isn’t paid the data is often lost forever.

The Petya attack chain is well understood. Here are the four steps in the Petya chain:

1. Prepare – The Petya attack began with a compromise of the MEDoc application, whose software update mechanism was used to deliver the malware. As organizations updated the application, the Petya code was initiated.

2. Enter – When MEDoc customers installed the software update, the Petya code ran on an enterprise host and began to propagate in the enterprise.

3. Traverse – The malware used two means to traverse the network:

  • Exploitation – Exploited a vulnerability in SMBv1.
  • Credential theft – Impersonated any currently logged-on accounts (including service accounts).

Note that Petya only compromised accounts that were logged on with an active session (e.g. credentials loaded into LSASS memory).

4. Execute – Petya would then reboot the machine and start the encryption process. While the on-screen text claimed to be ransomware, this attack was clearly intended to wipe data: the malware had no technical provision to generate individual keys and register them with a central service, which is the standard ransomware procedure that enables recovery.

How to avoid a Petya attack:

1. Don’t slack on social media security

The best defense is a good offense when it comes to preventing ransomware attacks, and your offense can start with your social media accounts. Make sure your profiles are private and share them only with people you actually know.

“Don’t share too much personal information, especially in your biography or personal details areas,” Jason Bradlee, executive vice president and head of security at Fujitsu America Inc., told CNET. “It’s easy for cybercriminals, stalkers, and people, in general, to get addresses, phone numbers, dates of birth, etc. from these places both within the site, like Facebook, LinkedIn, and Twitter, as well as from Google or Bing.”

2. Be careful with your emails

IT service providers report that 46 percent of the ransomware attacks they observed were caused by email or phishing scams.

“The most common form of social engineering, phishing emails work so well because the attackers are getting better at masking their intentions.”

An email may also be suspicious if it asks you to:

  • Reset your ID
  • Reset your password
  • Provide account or personal data

Rather than acting on such a request from within the email, open a new web browser tab or window and go directly to that site to make the change.

3. Don’t brush off passwords

Yeah, passwords are a hassle, but they are a key way to thwart hackers. Make sure your passwords are complex to protect your data. “Also, changing your passwords completely (meaning not just one character, but the entire password) every couple of months will help keep the bad actors guessing and your data that much safer.”

4. Keep your Windows updated

Petya (malware that mimicked a ransomware attack) and WannaCry both used vulnerabilities in computers whose Windows operating system had not been updated. New updates are released regularly to close holes that hackers may use to attack a computer system, so you need to ensure your computer installs these patches as soon as they are released.

With Windows 10, updates install automatically. On older versions, automatic updates may need to be switched on manually.
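As an added, defender-side example that is not part of the original article: a PowerShell audit that checks a single Windows host for the two conditions the attack chain above relied on and this section warns about, namely SMBv1 still being enabled and automatic updates being switched off. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later (where the SMB and optional-feature cmdlets exist); the -Remediate switch is this example's own, not a built-in.

```powershell
# Added example (not from the original article): audit one Windows host for
# SMBv1 being enabled and automatic Windows updates being switched off.
# Read-only by default; pass -Remediate to disable SMBv1. Run elevated.
param([switch]$Remediate)

$findings = @()

# 1. SMBv1 server-side protocol setting (the transport the Petya exploit used).
$smbServer = Get-SmbServerConfiguration
if ($smbServer.EnableSMB1Protocol) {
    $findings += 'SMBv1 is enabled on the SMB server'
    if ($Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
}

# 2. SMBv1 optional feature (covers the client side as well as the server).
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($smb1Feature.State -eq 'Enabled') {
    $findings += 'SMB1Protocol optional feature is installed'
    if ($Remediate) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
    }
}

# 3. Automatic updates: the policy value NoAutoUpdate=1 disables them, and the
#    Windows Update service must not be disabled for patches to arrive at all.
$auKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAuto = (Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue).NoAutoUpdate
if ($noAuto -eq 1) {
    $findings += 'Automatic updates are disabled by policy (NoAutoUpdate=1)'
}
$wu = Get-Service -Name wuauserv
if ($wu.StartType -eq 'Disabled') {
    $findings += 'Windows Update service (wuauserv) is disabled'
}

# 4. Most recently installed update, so a host that has silently stopped
#    patching stands out when this output is collected across a fleet.
$lastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($lastPatch) {
    "Last update installed: $($lastPatch.HotFixID) on $($lastPatch.InstalledOn)"
}

if ($findings.Count -eq 0) { 'No findings: SMBv1 disabled, automatic updates on.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Disabling the SMB1Protocol feature takes effect after a reboot, which the script deliberately does not trigger.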
