A new ransomware known as the Petya ransomware has emerged as a threat to organizations both small and large. The threat emerged on 27th June, 2017 and has been spreading ever since. The ransomware spreads using the same exploit as WannaCry, the ‘Eternal Blue’ exploit.
The Petya ransomware has existed since 2016 and it is a different kind of malware. Instead of just encrypting the files present on the system, it also encrypts the master boot record (MBR) and overwrites it. The ransomware demands $300 to be paid in bitcoins in order to regain full access to your system. According to F-Secure:
“Petya is a new ransomware with an evil twist: instead of encrypting files on disk, it will lock the entire disk, rendering it pretty much useless. Specifically, it will encrypt the filesystem’s master file table (MFT), which means the operating system is not able to locate files”
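Because Petya overwrites the MBR, one defensive check during triage is to compare the first sector of a disk (or disk image) against a baseline recorded while the machine was known to be good. The following is an added example, not code from the original article; the function names and the sample sectors are constructed for illustration.

```python
import hashlib
import struct

PARTITION_TABLE_OFFSET = 446  # boot code area ends here; four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR sector
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count


def parse_mbr(sector):
    """Summarise a 512-byte MBR: boot code hash, partition entries, signature."""
    if len(sector) != 512:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    partitions = []
    for i in range(4):
        status, ptype, lba, count = ENTRY.unpack_from(sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype:  # type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def compare_to_baseline(sector, baseline):
    """Return a list of findings; an empty list means the sector matches."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code):
    """Constructed sample sector: padded boot code plus one bootable NTFS entry."""
    entry = ENTRY.pack(0x80, 0x07, 2048, 204800)
    return boot_code.ljust(446, b"\x00") + entry + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    baseline = parse_mbr(build_sample_mbr(b"constructed-original-loader"))
    for label, code in (("clean", b"constructed-original-loader"),
                        ("replaced", b"constructed-other-loader")):
        print(label, compare_to_baseline(build_sample_mbr(code), baseline))
```

On a live system the sector has to be read from the raw disk device with administrative rights; the comparison itself is the same for a forensic image.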
How does it spread?
The ransomware spreads by exploiting the MS17-010 vulnerability, commonly known as the Eternal Blue exploit. However, other methods of spreading the malware are still being investigated.
The malware is mostly attacking organizations in Europe. However, it would be wrong to call it a targeted attack, as there have been reports of the attack spreading in different geographical locations.
How to protect yourself?
If you run a big organization, you are likely to be attacked by the malware. However, there are some steps you can take and some programs you can use to protect yourself from this newly released ransomware.
Symantec Endpoint Protection (SEP) and Norton products should be used as antivirus protection. These provide security against such threats and protect users against these attacks by guarding against exploitation of the MS17-010 vulnerability. In addition, SONAR behavior detection technology is also being used to detect the Petya ransomware.
The components related to this ransomware are detected under the name Ransom.Petya.
Currently there are two IPS protections available from Symantec to protect systems from the attack:
Featured image: Alex Castro / The Verge