Petya Ransomware rapidly spreading across the globe
On Tuesday, a ransomware called “Petya” or “Petrwrap” struck organizations and companies across the world in a series of attacks reminiscent of last month’s WannaCry.
Researchers first sighted the ransomware in Ukraine, where it attacked government offices, banks, power companies, and Kiev’s airport and public transit. It has reportedly spread throughout Europe and the United States, attacking computers at Danish business conglomerate Maersk, Russian oil company Rosneft, U.S. pharmaceutical giant Merck, and multinational law firm DLA Piper.
Analysts believe the ransomware is taking advantage of the EternalBlue vulnerability. This vulnerability was also used in the WannaCry attacks, and is thought to have been created by the NSA.
What is Petya?
Like WannaCry, the Petya ransomware displays a message saying that the computer’s files have been encrypted, and demanding a payment of $300 worth of Bitcoin for the decryption key.
Security researchers and law enforcement are currently at a loss as to who is behind the attack.
“We are urgently responding to reports of another major ransomware attack on businesses in Europe,” said Rob Wainwright, executive director of Europol.
According to early reports, the criminals behind the attack may have purchased the ransomware on the dark web as “ransomware-as-a-service,” which means almost anyone could have launched it, and the attackers will likely prove very difficult to trace. Petya requests that its victims send their ransom to a single bitcoin address. This may be an indicator that the cybercriminals behind the attack are inexperienced. A more sophisticated ransomware attack will generate a new bitcoin wallet for every ransom payment. As of about 3:00 EDT, the address has received about $7,000 in payments.
Researchers identified previous strains of Petya in 2016, when it was used in targeted attacks against organizations. The current version of Petya appears to be indiscriminate, attacking organizations and consumers alike. According to some reports, the ransomware has been spreading through spear-phishing attacks. These attacks trick unsuspecting users into clicking a malicious link in an email, which unleashes the ransomware.
How should you protect yourself?
Matthieu Suiche, a French security researcher who helped stem the spread of WannaCry, said on Twitter, “This seems like a more lethal version of WannaCry. Bottom line is: Patch your systems, have a backup strategy, and work with professionals.”
Windows computers with the March 2017 and April 2017 patches installed should be safe from the attack. If you use a Windows device without these patches installed, you should install them as soon as possible.
As a precaution, you should also:
- Be on the lookout for suspicious emails and links
- Back up all files
- Keep endpoint protection software (antivirus, firewall, etc.) up to date
If you do fall victim, should you pay the ransom?
If Petya does infect your computer, the standard ransomware advice applies: Don’t pay the ransom. Why? Because paying up encourages the cybercriminals behind the attack and other would-be cybercriminals.
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as a security consultant while continuing to write for Hacker Combat in her limited spare time.