What you need to know about the Petya ransomware

Ransomware is one of the many things that keep business owners up at night. The WannaCry attacks disrupted hundreds of thousands of computers, and these cyber attacks will have a long-lasting business impact. In WannaCry’s wake, many businesses beefed up their cyber security plans, but it’s becoming increasingly difficult to outmaneuver cyber criminals. In fact, a new strain of ransomware called ‘Petya’ is crippling businesses worldwide, and it seems to have improved upon the flaws of WannaCry. Here is some essential information and the latest updates about the ransomware.

What does it do?

Not to be confused with the actual Petya ransomware that came out in 2016, this variant of Petya -- called ‘NotPetya’ by security researchers -- is more dangerous. It can steal passwords from one computer and move to other systems within the same network completely undetected.

Like any ransomware, Petya encrypts files and demands a payment of $300 in Bitcoin. But unlike the victims of most ransomware, such as WannaCry, users affected by Petya can’t receive a decryption key to get back their files. That’s because the email provider used by Petya’s operators has deactivated their account, effectively cutting off any possible communication between the victims and the hackers. Because of the way it works, Petya should be categorized as wiper malware rather than ransomware.

Key differences from WannaCry

The hackers behind Petya and WannaCry both succeeded in exploiting unpatched vulnerabilities in Microsoft systems, but a few striking differences between the two are worth noting. Here’s a quick rundown:

  • Purpose
    Petya’s main aim is not extortion, but destruction; it’s wiper malware disguised as ransomware, and it specifically seeks to harm Ukrainian private and government institutions. In fact, it has made only around $5,000, while WannaCry has made over $120,000 in ransom money. The criminals behind the attack are still unknown, but the structural flaws in Petya’s ransom mechanism made it clear that it wasn’t created to make money.
  • Reach
    So far, Petya has affected only 12,000 computers, while WannaCry has impacted 230,000. Both ransomware strains had a global impact, but Petya’s was mostly felt in Ukraine, where businesses in the energy, transportation, financial, and other industries were tremendously affected.
  • Design
    Petya was meticulously created, and so far no killswitch capable of shutting it down has been found, whereas WannaCry is known to have several bugs and errors that led to its quick shutdown. Petya is also known to use PsExec, a tool that enables infected PCs with administrator rights to infect other computers within the same network. This means that hackers need to infect only one unpatched computer to infect an entire network -- including computers that have been patched.
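
The PsExec-based spread described under Design leaves a trace defenders can look for: the same account installing the PsExec service on many machines within minutes. The following is an added example, not part of the original article. It assumes a simplified CSV export of Windows service-installation events (event ID 7045) and PsExec's default service name, PSEXESVC; host names, account names and thresholds are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real telemetry): service-install events collected
# from several hosts. Assumed columns: time, host, event_id, service, account.
SAMPLE = """\
2024-01-15T10:01:05,WS-014,7045,PSEXESVC,svc-admin
2024-01-15T10:01:40,WS-022,7045,PSEXESVC,svc-admin
2024-01-15T10:02:10,FS-001,7045,PSEXESVC,svc-admin
2024-01-15T10:02:30,WS-031,7045,PSEXESVC,svc-admin
2024-01-15T10:03:00,WS-014,7045,Spooler Helper,LocalSystem
2024-01-15T14:20:00,WS-040,7045,PSEXESVC,helpdesk
"""

def psexec_fanout(log_text, window=timedelta(minutes=10), min_hosts=3):
    """Return {account: sorted hosts} for every account that installed the
    PsExec service on at least min_hosts distinct hosts within one window."""
    installs = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, host, event_id, service, account = row
        # PSEXESVC is PsExec's default service name; a renamed copy
        # would not match this check.
        if event_id == "7045" and service.strip().upper() == "PSEXESVC":
            installs[account].append((datetime.fromisoformat(ts), host))

    alerts = defaultdict(set)
    for account, events in installs.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans no more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {h for _, h in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[account] |= hosts
    return {acct: sorted(hosts) for acct, hosts in alerts.items()}

if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE).items():
        print(f"PsExec fan-out by {account}: {', '.join(hosts)}")
```

A single helpdesk session on one machine stays below the threshold, while the burst across four hosts is reported; tune the window and host count to how administrators in your environment actually use PsExec.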

What steps should businesses take?

Both WannaCry and Petya are highly destructive malware that are easily preventable by patching operating systems on time. Given their success, cyber criminals will likely improve upon these strains and launch more sinister threats in the future, and businesses have no choice but to implement stronger protections.

Security software companies have released updates to their antivirus products that specifically protect against WannaCry and Petya. Businesses need to make sure they have the latest versions to secure their first level of defense. Implementing stringent cyber security practices like creating strong passwords, junking suspicious email, and utilizing safe social media practices (i.e., not sharing too much information) also helps.

Back up now

You may be able to save your files from getting encrypted by shutting down the computer while the ransomware is actively encrypting them. However, this works only if it’s addressed within an hour of infection because it takes roughly an hour for an infected computer to reboot.

In case your computer gets infected, you should disable its internet connection and reformat your hard drive. The only thing that can save you from a Petya infection is your backups, and paying a ransom is akin to burning money.

It won’t be long until the next global cyber attack, but small businesses like yours shouldn’t feel hopeless. The challenge for many businesses today is making sure that simple IT tasks like updating operating systems and regularly performing backups are consistently performed. Fluid Networks’ cyber security services ensure businesses with limited IT resources are always secure. Call our experts today and let us know how we can help.