A new variant of the Petya ransomware family has affected organizations across Europe.
This ransomware was first discovered in 2016. It encrypts the Master File Table (MFT) and overwrites the Master Boot Record, dropping a ransom note and leaving victims unable to boot their computers.
This new variant is particularly virulent because it uses multiple techniques to spread automatically within a company’s network once the first computer is infected.
The virus also attempts to spread internally by breaking administrator passwords and infecting other PCs on the network using remote admin tools. It can also spread internally by infecting network shares on other computers.
Ransomware is one of the most widespread and damaging threats that internet users face.
Since the infamous CryptoLocker first appeared in 2013, “we’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike,” says Harish Chib, Vice President, Middle East and Africa, Sophos.
According to Chib, Sophos Endpoint Protection products are protected against this new ransomware variant so their customers have nothing to worry about. He notes that with Sophos Intercept X customers were proactively protected with no data encrypted, from the moment this new ransomware variant appeared.
So how do you protect yourself from this virus?
Here are a few steps to avoid such attacks:
- Ensure systems have the latest patches, including the one in Microsoft's MS17-010 bulletin.
- Consider blocking the Microsoft PsExec tool from running on users’ computers.
- Back up regularly and keep a recent backup copy off-site.
- Avoid opening attachments in emails from senders you don’t know.