
How To Survive The Petya Ransomware Attack? The Petya Threat Is Much More Dangerous Than WannaCry

Author: Juhi Afreen
Posted: Jul 11, 2017

The cyber attack launched on Tuesday, 27 June 2017 was carried out with the Petya ransomware and made headlines across the mainstream media. Petya ransomware is much more sophisticated than WannaCry. The malware is also known under the following names:

  1. Petya-esque Ransomware
  2. NotPetya Ransomware
  3. Petrwrap Ransomware
  4. GoldenEye Ransomware
  5. Win32/Diskcoder.C Ransomware
  6. Petwrap Ransomware
  7. wowsmith123456@posteo.net Ransomware
  8. Petya.2017
  9. Petya (Petya.A) Ransomware

In just a few hours, several thousand Windows computers were hit in 65 countries. Ukraine and Russia were the most affected (60% and 30% of infections, respectively), but the virus has also spread to Germany, Belgium, Spain, France, the Netherlands, the United Kingdom, Brazil, India, the United States and Australia. The threat primarily targets older versions of Microsoft Windows, although experts recommend that Windows 10 users do not let their guard down.

Once installed, the Petya ransomware encrypts the data on the hard drive using strong AES-128 and RSA-2048 encryption, then forces the machine to restart and takes full control of it. A message is then displayed on the victim's screen demanding a ransom of 300 dollars (263 euros at the current exchange rate), payable in bitcoin.

Once it has infected a Windows PC, the virus tries to spread to other machines on the same network. For this, Petya uses two tools developed by the US National Security Agency (NSA) to exploit Windows security vulnerabilities: EternalBlue (already used by WannaCry) and EternalRomance. The vulnerabilities in question concern the SMB protocol, which allows Windows PCs to share files and peripherals. Microsoft has released patches for these vulnerabilities, but they have not necessarily been installed by most users.

But Petya has other strings to its bow: it is also able to find administrator usernames and passwords, which let it spread more widely on a network. And if that does not work, it can also proliferate via TCP ports 139 and 445.

Protect Your Computer From Petya Ransomware:

  • The virus seems to be able to infect all versions of Windows except Windows 10. Upgrading to Windows 10 is one of the best ways to protect yourself from the ransomware attack.

  • Microsoft has already released a patch to address the vulnerability this ransomware exploits through EternalBlue; therefore, you must install security update MS17-010.

  • Disable SMBv1 using Microsoft instructions. Please read the instructions carefully!

  • Install a trusted security program and keep it up to date. Do not forget to update it frequently or, if possible, enable automatic updates.

  • Keep all the programs on the computer up to date, and update them regularly. This is extremely important, as attackers tend to exploit security vulnerabilities in outdated and not very advanced programs.

  • Do not disable the Firewall.

  • Create backups. Find the data you want to protect, copy it and move it to a portable storage device, such as a USB drive. Unplug it from the PC and store it in a safe place.
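
The SMBv1 and firewall items in the list above can be checked with a short read-only script. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the machine being checked, and the function names `Get-Smb1ServerState` and `Get-SmbInboundAllowRule` are hypothetical names chosen here.

```powershell
# Added example: read-only audit of the SMB and firewall settings listed above.
# Run in an elevated PowerShell session on the machine being checked.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems (Windows 7 / Server 2008 R2): the SMB1 registry value.
    # A missing value means SMBv1 is still at its default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
    if ($null -eq $val) { return $true }
    return ($val.SMB1 -ne 0)
}

function Get-SmbInboundAllowRule {
    # Enabled inbound "allow" rules whose local port list includes 139 or 445.
    Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $rule   = $_
            $filter = $rule | Get-NetFirewallPortFilter
            if ($filter.Protocol -eq 'TCP' -and
                ($filter.LocalPort -contains '139' -or $filter.LocalPort -contains '445')) {
                [pscustomobject]@{
                    Rule    = $rule.DisplayName
                    Profile = $rule.Profile
                    Ports   = $filter.LocalPort -join ','
                }
            }
        }
}

"SMBv1 server enabled : $(Get-Smb1ServerState)"

# The firewall cmdlets exist on Windows 8 / Server 2012 and later only.
if (Get-Command Get-NetFirewallProfile -ErrorAction SilentlyContinue) {
    # Each profile (Domain, Private, Public) should report Enabled = True.
    Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

    $rules = @(Get-SmbInboundAllowRule)
    if ($rules.Count -eq 0) {
        'No enabled inbound allow rule names TCP 139 or 445 explicitly.'
    } else {
        'Inbound allow rules exposing TCP 139/445 (review whether each is needed):'
        $rules | Format-Table -AutoSize
    }
}
```

The script changes nothing; rules that list ports as "Any" or as a range are not matched and need a manual look.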

What If Petya Ransomware Encrypted Your Files?

  • Decide what you want to do: are you going to pay the cyber criminals? We do not suggest that you pay, as attackers often do not care about victims and do not return files once they have been paid.

  • If you decide not to pay, restart your PC in Safe Mode with Networking. This way, you will stop the virus, and it will not be able to continue with its activities. Wait for the computer to start up completely, then download a security program and update it to its latest version. Run a system check with this program, and if it does not detect the virus, consider using a more powerful malware removal program.

  • Delete the detected virus using the security program.

  • Take all precautionary measures described above to protect your system from cyber attacks.

You should not lose hope of restoring your files. If you have backups, use them to replace your encrypted files. If you do not have them, try the Data Recovery Tool described in this article on NotPetya Ransomware.

About the Author

A blogger for whom the Internet is her best friend, and something of an expert in design. By profession, she is a content writer and is extremely fond of anything related to cyber security and the latest malware.
