PETYA AND WHAT IT IS
Petya is a family of encrypting ransomware that was first discovered in 2016. The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive’s file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system. Petya is newer malware that is more dangerous than the earlier ransomware WannaCry and has more power to cause major damage.
Ransom.Petya is a Trojan horse that encrypts files on the compromised computer.
In the second massive cyber attack, a variant of the Petya ransomware re-emerged using the same EternalBlue exploit and hit organizations worldwide, especially in Ukraine. It has been found to exploit MS Office and SMBv1 vulnerabilities and has worm capabilities, which allow it to spread quickly across infected networks.
Can I be Safe? What to Do.
Here are some tips to protect the user’s computer from this trending ransomware.
1. Download the latest patch from Microsoft:
Petya works the same way as WannaCry: the malware looks for a vulnerability in older Windows systems. The exploit used against these older Windows systems is called EternalBlue. These systems are no longer supported by Microsoft because they are too old, and the exploit targets the security vulnerability MS17-010. This is the same vulnerability that the WannaCry ransomware has been exploiting to spread.
Microsoft has released a patch that protects computers from this kind of ransomware attack. You should ensure that the latest patches are downloaded and installed and that any older Windows operating systems are upgraded.
Easier still, you can enable Microsoft Windows automatic update for the patch download and upgrade.
2. Install active antivirus: Security Programs
Ensure that a trusted antivirus is installed and upgraded regularly for protection. Antivirus programs will update you if there is an upcoming threat that is dangerous. These are special programs that include security features the user can also see on other devices. They consist of protective software that is free, firewalls and updated anti-virus programs.
3. Don’t click on anything that is suspicious
You must not click on suspicious links, or you leave your computer vulnerable to phishing emails. This type of email looks almost legitimate when you first see it. These emails are so powerful that they can automatically install malware on the user’s computer without the user noticing it.
Check the sender’s domain, rather than only the From name, when sorting an email.
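The advice above to check the sender's domain rather than only the From name can be automated. The following Python code is an added example, not part of the original article; the allow-list, the `.example` domains and the sample headers are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed allow-list (assumption): brand keyword -> domains it really mails from.
TRUSTED = {"example bank": {"examplebank.example"}}
# Finds an e-mail address typed into the display name; captures its domain.
ADDR_IN_NAME = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower().rstrip(".") if "@" in address else ""


def belongs_to(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header, trusted=TRUSTED):
    """Return reasons the From header's display name and real domain disagree."""
    name, address = parseaddr(header)
    domain = domain_of(address)
    if not domain:
        return ["no parsable sender address"]
    findings = []
    # 1. Display name claims a brand, but the real domain is not that brand's.
    for brand, allowed in trusted.items():
        if brand in name.lower() and not belongs_to(domain, allowed):
            findings.append(f"name claims '{brand}' but domain is {domain}")
    # 2. Display name embeds an address from a different domain than the real one.
    for shown in ADDR_IN_NAME.findall(name):
        if shown.lower() != domain:
            findings.append(f"name shows {shown.lower()} but domain is {domain}")
    return findings


# Constructed sample headers, not taken from any real message.
SAMPLES = [
    "Example Bank <alerts@mail.examplebank.example>",
    "Example Bank Security <alerts@examplebank.account-verify.example>",
    '"support@examplebank.example" <x9@bulk-sender.example>',
]

if __name__ == "__main__":
    for h in SAMPLES:
        print(h, "->", check_from(h) or "consistent")
```

The From header itself can be forged, so this check complements the SPF, DKIM and DMARC results from the mail gateway and does not replace them.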
4. Secure yourself when connecting to public Wi-Fi by using a VPN
When using a public internet connection or Wi-Fi, you are tracked. This means that everyone connected to the network can be viewed. That is why the computer prompts you to say whether the network is Home or Public. If the user chooses Public, the computer automatically hides the information needed by using VPN. This feature is already set in the user’s settings.
If the user does not have a VPN on the computer, there are many free applications out there. Using a VPN can protect you from being tracked by someone else. Although it cannot help the user fight malware, this feature can help you avoid being a target of hackers.
5. Ensure you regularly back up your data to an external disk. You can take advantage of G-Drive or OneDrive, for instance; for commercial options, try Carbonite, IDrive, Mozy, Acronis or another choice.
6. Avoid logging in to the computer with administrative privileges. Work with a user account that has standard user privileges and not administrative privileges.
If a threat is executed on my computer, can I still save my data?
If someone mistakenly executes the threat on an unprotected computer by clicking on the link in the email and downloading the attachment, and you see a BSOD (blue screen) that restarts your computer, you can still save your data by not restarting the computer. Just keep it switched off.
When you see the BSOD screen and the system restarts, only the MBR has been replaced; your data on the disk is still intact and can be accessed by mounting the hard disk on another clean system. Make sure you do not boot from the infected computer’s hard disk at that stage. Once the disk is mounted, the data can be accessed and copied.