
Yes, you read that right above. No, we’re not scaring you. Yes, Petya is a kind of ransomware like WannaCry, the one that infected about 3,00,000 systems within 72 hours on 12th May.

According to the latest report from sources of The Hacker News, a new form of ransomware attack, Petya, has started spreading. Petya, also known as Petwrap, works on the same Windows SMBv1 vulnerability that WannaCry used to infect systems.

Petya is also a kind of ransomware, demanding around $300 in bitcoin, but it works differently from WannaCry. Petya does not encrypt the files of the targeted system but goes beyond that and reaches the root of it. Petya reboots the victim's computer and encrypts the hard disk’s master file table (MFT), which affects the functionality of the master boot record (MBR) and seizes the file names, sizes and locations on the hard disk.

Petya infection screenshot shared on Twitter

As of now, Petya ransomware has infected many banks, telecom operators, businesses and power companies. It has also infected Russian state-owned oil giant Rosneft and the Ukrainian state electricity suppliers “Kyivenergo” and “Ukrenergo”.

Many of the infected victims have started paying to unlock their files; as of now around 20 people have already paid $300 to the hacker’s bitcoin address 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX.


Still wondering how all this mess started? It all started with the leak by the Shadow Brokers hacking group, which leaked the NSA’s Windows hacking tools containing the EternalBlue exploit that targets SMB file-sharing services on Microsoft’s Windows systems. Well, surprisingly, that’s what one Twitter user, xXToffeeXx (@PolarTofee), found: the code for EternalBlue inside the Petya-based ransomware.

Well, there is no need to worry or panic: if you take some basic safety precautions, you are safe from this ransomware outbreak. Check the list of measures below that you need to take to ensure the safety of your data and systems from this attack.

  1. Make sure your systems are up-to-date and apply the patches released by Microsoft. PATCH NOW!!!
  2. Disable the SMB service, which is causing the infection. Follow the steps described by Microsoft.
  3. Enable your firewall and block SMB traffic on TCP ports 137, 139, and 445, and UDP ports 137 and 138.
  4. Do not click or open any links or suspicious or unwanted files sent by email.
  5. Make sure your antivirus is up-to-date with the latest virus definitions.
  6. Beware of phishing emails.
  7. Take a backup of your data periodically on an external storage device.
  8. Browse the Internet with caution.
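
Steps 2 and 3 can be applied and checked from an elevated PowerShell session. The script below is an added example, not part of the original article or of Microsoft's guidance; the firewall rule names are made up for illustration, and it assumes Windows 8 / Server 2012 or later, saved as a .ps1 file so that `-WhatIf` previews the changes without making them.

```powershell
# Added example: disable the SMBv1 server protocol and block the ports
# listed in step 3. Rule display names below are constructed for this example.
[CmdletBinding(SupportsShouldProcess)]
param()

# Step 2: report the current SMBv1 server state, then disable it if enabled.
$smb = Get-SmbServerConfiguration
Write-Output "SMBv1 server enabled: $($smb.EnableSMB1Protocol)"
if ($smb.EnableSMB1Protocol -and $PSCmdlet.ShouldProcess('SMB server', 'Disable SMBv1')) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# Step 3a: turn on any firewall profile (Domain, Private, Public) that is off.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    if ($PSCmdlet.ShouldProcess($_.Name, 'Enable firewall profile')) {
        Set-NetFirewallProfile -Name $_.Name -Enabled True
    }
}

# Step 3b: inbound block rules for the TCP and UDP ports named in the list.
$rules = @(
    @{ Name = 'Block inbound SMB/NetBIOS TCP (example)'; Protocol = 'TCP'; Ports = 137, 139, 445 },
    @{ Name = 'Block inbound NetBIOS UDP (example)';     Protocol = 'UDP'; Ports = 137, 138 }
)
foreach ($r in $rules) {
    # Skip rules that already exist so the script can be re-run safely.
    if (Get-NetFirewallRule -DisplayName $r.Name -ErrorAction SilentlyContinue) { continue }
    if ($PSCmdlet.ShouldProcess($r.Name, 'Create firewall rule')) {
        New-NetFirewallRule -DisplayName $r.Name -Direction Inbound -Action Block `
            -Protocol $r.Protocol -LocalPort $r.Ports -Profile Any | Out-Null
    }
}

# Verify: confirm the new state and list anything still listening on the TCP ports.
Write-Output "SMBv1 server enabled now: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"
Get-NetFirewallRule -DisplayName 'Block inbound*(example)' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action
Get-NetTCPConnection -State Listen -LocalPort 137, 139, 445 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Blocking inbound TCP 445 stops a machine from serving file shares, so apply the firewall rules to workstations and handle file servers and domain controllers separately.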

That’s all for now. Stay tuned to our site for the latest updates; we will keep you posted.

Images by The Hacker News
