
Know About Petya Ransomware & its Protective Measures

Mariya Beckham ~ Modified: July 4th, 2017 ~ Technology ~ 6 Minutes Reading

Petya Ransomware – What It Is and How to Prevent It

There is a lot of talk about the latest ransomware in a long line of cyber attacks, called ‘Petya’. It follows the series of ‘WannaCry’ attacks that hit millions of systems worldwide. The Petya virus takes things a notch higher by encrypting the data stored on a user's computer. It corrupts files and replicates itself in such a way that the system either will not boot or keeps shutting down as soon as it is powered on. Most victims are asked for a ransom of up to $300, payable in Bitcoin only, after which the malicious party is supposed to release the decryption key. A lot more has come to light regarding this Petya ransomware. Below, we look at what caused the attacks and how users can protect themselves.

What is Ransomware?

Ransomware is a type of cyber attack on a user's computer. It is a malicious application, like a virus or other malware, that typically becomes active when an attachment from an unknown sender is opened. The malicious code then blocks all access to the user's drives and partitions on a desktop, tablet or phone. A ransom is then demanded by the group in exchange for releasing the documents; otherwise the virus is left to spread across the attacked system. However, with Petya ransomware there is no guarantee that the data will be released even after paying the ransom amount. The Petya virus is currently a major threat to government organisations and corporations.

What About Petya Ransomware?

Some time back there was an older version of ransomware called Petya, and this latest one shares much of the same source code. In many ways they are similar, hence the name. The Petya cyber attack has already crippled huge companies across the United States and Europe, and more than 65 countries have been reported hit by this Petya virus.

A number of companies, including the advertising company WPP, the shipping company Maersk and the law firm DLA Piper, have been hit hardest by this Petya ransomware. During the Petya cyber attack most of their systems stopped working and daily routines ceased. Ukraine's workflow has been affected the most, as it was the epicenter of the attack. Important infrastructure such as the metro, the central bank and the airport has been hit, and the Chernobyl nuclear power plant was forced to perform manual radiation inspections, which was very dangerous for the people doing it because of the Petya virus.

How Does The Petya Cyber Attack work?

Petya ransomware is very different from other ransomware in the market. The Petya cyber attack targets low-level structures on a drive and denies access to the whole system. A boot loader holds the code that the operating system needs in order to boot; this malware has created its own version of a bootloader, with its own 32-bit kernel. It overwrites the Master Boot Record (MBR) and puts its own version in its place. After this, encryption starts in two phases. In the first stage, the ‘Petya virus’ dropper encrypts the beginning of the disk; useful data can still be recovered at this stage. The next stage runs as a chkdsk step which completely ruins the file system of the computer.
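Because the damage starts with the MBR being replaced, a defender can baseline the first sector of the boot disk on a known-good machine and re-check it before each planned reboot. The script below is an added example written for this post, not code from the original article; the baseline file location in `$BaselinePath` is an assumed default, and it must be run from an elevated shell.

```powershell
# Added example: hash the MBR (first 512 bytes of PhysicalDrive0) and compare it
# to a stored baseline so an overwrite can be spotted before the next reboot.
# $BaselinePath is an assumed location; create the baseline once on a clean system.
param(
    [string]$Drive = '\\.\PhysicalDrive0',
    [string]$BaselinePath = "$env:ProgramData\mbr-baseline.sha256",
    [switch]$SaveBaseline
)

function Get-MbrBytes {
    param([string]$Path)
    $buffer = New-Object byte[] 512
    # FileShare ReadWrite is required because the OS already holds the disk open.
    $stream = New-Object -TypeName System.IO.FileStream -ArgumentList $Path, 'Open', 'Read', 'ReadWrite'
    try {
        $read = $stream.Read($buffer, 0, 512)
        if ($read -ne 512) { throw "Short read ($read bytes) from $Path" }
    } finally {
        $stream.Dispose()
    }
    return $buffer
}

$mbr = Get-MbrBytes -Path $Drive

# A well-formed MBR ends with the 0x55 0xAA boot signature; a missing signature
# does not prove infection, but it is a reason to investigate before rebooting.
if ($mbr[510] -ne 0x55 -or $mbr[511] -ne 0xAA) {
    Write-Warning 'MBR boot signature missing or corrupted'
}

$sha  = [System.Security.Cryptography.SHA256]::Create()
$hash = ($sha.ComputeHash($mbr) | ForEach-Object { $_.ToString('x2') }) -join ''

if ($SaveBaseline) {
    Set-Content -Path $BaselinePath -Value $hash
    "Baseline saved: $hash"
} elseif (-not (Test-Path $BaselinePath)) {
    Write-Warning "No baseline at $BaselinePath; run with -SaveBaseline on a known-good system"
} elseif ((Get-Content $BaselinePath).Trim() -ne $hash) {
    Write-Warning "MBR has changed since baseline (now $hash); investigate before rebooting"
} else {
    'MBR matches baseline'
}
```

Legitimate events such as a Windows boot-loader update or a new partition layout also change the hash, so treat a mismatch as a prompt to investigate rather than as proof of infection.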

Petya ransomware arrives disguised as a PDF file of a résumé which is actually a zip file. The email attachment can be opened from a Dropbox location where it is saved. Once opened, it depends entirely on the user granting it administrative privileges to run. Once that permission is given, the Petya cyber attack begins.

How is it Different From WannaCry?

Petya ransomware is slightly different from WannaCry. WannaCry was a massive attack that affected hundreds of thousands of computers in over 150 countries, while Petya is a similar attack that has so far affected over 2,000 computers worldwide. This is the second massive cyber attack in a matter of just two months. Many may say the two are quite similar since both exploit a Microsoft weakness: both infiltrate the system through the EternalBlue vulnerability. But they are not the same, and here is how they differ:

  • It comes in the form of email attachments, unlike WannaCry
  • It does not encrypt files but overwrites data on the file system
  • The Petya virus uses a fake Microsoft digital signature copied from Sysinternals
  • Petya can also spread through Windows Management Instrumentation

Measures To Protect System And Prevent Cyber Attacks

Because of Petya ransomware, major antivirus companies have updated their products to actively detect and block the Petya infection from infiltrating systems. Security software companies such as Kaspersky and Symantec have worked to release updated virus definition files to systems worldwide. However, there are preventive measures that users and administrative teams can take to ensure their systems remain safe and secure during this wave of Petya cyber attacks. Here are some of them:

  • Keep Windows up to date, especially with the March update, which defends systems against the EternalBlue vulnerability.
  • The Petya virus checks for a specific file before running its check-disk step. Ensure that the file C:\Windows\perfc.dat exists on the system. This may stop the corruption of the file system but cannot prevent the virus from attacking other systems on the network.
  • Do not pay the ransom under any circumstances, as the Posteo email address used for providing the decryption key has already been blocked by the company. Hence, there is no guarantee of the system being restored.
  • Take regular backups of files, and shut the system down if you suspect it is being attacked.
  • If you are hit by Petya ransomware, disable file sharing and network connectivity to avoid spreading it to other systems on the network.
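The perfc.dat measure from the list above, as an added example written for this post (not code from the original article): it creates the file and marks it read-only so a later process cannot trivially remove or replace it. Run it from an elevated shell; as the list notes, this protects only the local machine and does nothing to stop the worm reaching other hosts, so patching and network isolation remain necessary.

```powershell
# Added example: create the read-only C:\Windows\perfc.dat file whose presence
# the post describes as stopping the disk-corruption (chkdsk) step.
# This is a local-only measure; it does not prevent spread to other systems.
function Install-PerfcVaccine {
    param([string]$Path = (Join-Path $env:SystemRoot 'perfc.dat'))

    if (-not (Test-Path -LiteralPath $Path)) {
        # A zero-byte file is enough; the check is for existence, not content.
        New-Item -Path $Path -ItemType File -Force | Out-Null
    }

    # Set the read-only attribute so the file is not casually truncated or replaced.
    $item = Get-Item -LiteralPath $Path
    $item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::ReadOnly

    # Re-read and report the result so the operator can confirm the state.
    $item = Get-Item -LiteralPath $Path
    if (($item.Attributes -band [System.IO.FileAttributes]::ReadOnly) -ne 0) {
        "Vaccine file present and read-only: $Path"
    } else {
        Write-Warning "Could not set the read-only attribute on $Path"
    }
}

Install-PerfcVaccine
```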

Wrapping It Up

It is wise to be aware of the most recent Petya cyber attack, which has been destroying businesses all around the globe. Hackers have reached a new low by attacking the file system itself and demanding ransoms, and there is no guarantee of the hard drive being restored to its previous condition even after the bill is paid. It has affected businesses and daily workers alike: metro traffic and air traffic have all come to a halt in Ukraine. It is a clear attack on the country through its crucial infrastructure, affecting millions of daily workers. Petya ransomware is just one of many devastating activities; it takes down major companies and leaves all their employees stranded. Either the ransom is paid, or the workplace comes to a standstill due to the Petya cyber attack.