Petya Ransomware | How It Spreads and How to Stay Ahead

June 30, 2017 | By Comodo

After examining the encryption routine of the malware used in the Petya/ExPetr attacks, experts have concluded that the malware author cannot decrypt the victims' disks, even if a payment is made. As it turns out, this attack is more like a wiper that mimics ransomware.

Reports of a new wave of ransomware attacks have been disturbingly frequent since June 27th, 2017. The malware has appeared under several names (Petya, NotPetya, Petrwrap and exPetr) and has caused disruption worldwide. It mainly focused its attack on organizations in Ukraine, Russia, and Western Europe.

Security experts have rolled up their sleeves to counter such ransomware attacks, ensuring regular checks on system updates and alerting users to any potentially destructive exploits.

How Does Ransomware Spread?

The ransomware targets vulnerable Windows systems. Users need to make sure system updates are applied in order to stay ahead of threats. In practice, however, many business organizations still run outdated, vulnerable Windows systems, even after the warning delivered by the recent WannaCry attack. Vulnerable Windows systems that survived the WannaCry attack are now prone to this latest ransomware onslaught.

What Does Petya Do?

Petya has four components.

1. It is a worm that gets in through a vulnerable local Windows system to infect the local network.

2. It is ransomware that encrypts the Master Boot Record, which prevents the company's systems from starting up properly.

3. It also works on other files as and when the Master Boot Record fails, and the system stays uncontrolled.

4. The fourth component steals usernames, passwords and other login credentials from the infected system. This lets the malware move around and gain access to other systems in the local network with the looted credentials.
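Because the second component targets the Master Boot Record, a defender can baseline that sector and flag any later change. The following is an added example, not code from the original post; the function names are hypothetical and the 512-byte sector images are constructed in memory rather than read from a disk.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0..445: bootstrap code area
PART_TABLE_OFF = 446     # four 16-byte partition entries follow
SIGNATURE_OFF = 510      # last two bytes must be 0x55 0xAA


def parse_mbr(sector: bytes) -> dict:
    """Summarise a raw 512-byte MBR sector for baselining."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i: PART_TABLE_OFF + 16 * (i + 1)]
        # status, (CHS start skipped), type, (CHS end skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((i, status == 0x80, ptype, lba_start, sectors))
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xaa",
    }


def diff_mbr(baseline: dict, current: dict) -> list:
    """Return findings as strings; an empty list means no change."""
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def make_sample_sector(boot_fill: int) -> bytes:
    """Constructed test image: filler boot code plus one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return bytes([boot_fill]) * BOOT_CODE_LEN + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    baseline = parse_mbr(make_sample_sector(0x90))
    for name, image in [("clean", make_sample_sector(0x90)),
                        ("modified", make_sample_sector(0x41))]:
        print(name, diff_mbr(baseline, parse_mbr(image)) or "matches baseline")
```

On a live system the 512 bytes would come from the first sector of the boot disk, read with administrative rights, and the baseline would be stored off the host.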

Who Is at Risk?

Personal computers, even when patched with the latest Windows updates and even when not connected to business networks, are likewise vulnerable to the Petya worm. A system is also at risk when it gets connected to the VPN. Petya does not infect Mac, Android and Linux devices; it targets only Windows systems.

How to Stay Ahead of Petya Ransomware

Installing a capable endpoint protection system aids system security with consistent security measures. It also enables automatic patch updates, which keeps the Windows system from being left open to exploits. Be sure to enable anti-malware, firewall features, and other intrusion prevention techniques for servers and desktops.
