Within a month or two of the 'WannaCry' attack, a new ransomware named 'Petya' started spreading across the world. It is a massive cyber attack that has paralyzed firms, airports, banks and government departments that run old, unpatched Windows operating systems.
Starting with Ukraine, it has already spread to many countries, including the UK, Spain and India. Read this post to learn how to take precautions against such attacks.
According to news reports, the malware was first launched in Ukraine and Russia at the same time and paralyzed the systems of many firms, airports, POS terminals, banks, ATMs and government departments. It then started spreading to other countries.
Victims of the malware are asked to pay a ransom worth $300, in the form of BitCoins, after their hard drive is encrypted. The Petya attack causes more havoc on machines than the WannaCry ransomware, which was released in the month of May: it attacks hard drives rather than individual files and then demands the ransom to unlock them.
Security experts stated that the ransomware released on Tuesday uses the EternalBlue exploit to spread. According to the experts, if even one computer out of a hundred has not applied the patch that Microsoft released for the EternalBlue exploit, the ransomware can spread across the entire network and infect the unpatched systems within that LAN.
What to do if your system is infected?
The good news is that a flaw has been identified which may prevent your system from being encrypted after it is infected. According to security experts, the Petya ransomware waits 1 hour after it infects the system and then automatically restarts the system, displaying a CHKDSK disk-checking screen.
If the machine reboots and you see this message, immediately turn OFF the system. What looks like a disk check is the encryption process that Petya is performing. If you do not power the system back ON, the files will remain safe and you can take a backup of your files before formatting the drive.
When the malware infects your system, it demands BitCoin worth $300 and shows you an email address for contacting the attackers to obtain the key to decrypt your drive. That email address has already been blocked, so you won't be able to reach the attackers. If your system has been encrypted, don't pay any ransom to the BitCoin address shown on the screen, as you won't get any decryption keys.
How to prevent such attacks on your system?
Upgrade to the latest version of the Windows operating system and keep your system patched as and when an update becomes available. This will reduce the chance of such attacks on your computer. Also, don't open or click any suspicious links that might be harmful to the system. Keep good antivirus software running on your system at all times. If you follow these precautions, you will stay safe.
Security researcher Amit Serper found a way to vaccinate your system so that it won't be affected by the Petya ransomware. Just create a file named perfc, without any extension, and place it in the C:\Windows directory. When the ransomware runs and finds this file, it stops immediately without affecting the files on your hard drive.
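
The vaccination step above can be scripted for rollout to several machines. The following PowerShell is an added example, not code from the researcher or from this post; the `-WindowsDir` parameter and the read-only attribute are assumptions added here for convenience.

```powershell
# Added example: create the "perfc" vaccine file described above.
# Assumptions (not from the article): the -WindowsDir parameter and the
# read-only attribute, which only guards against accidental deletion.
param(
    [string]$WindowsDir = 'C:\Windows'
)

$ErrorActionPreference = 'Stop'
$marker = Join-Path $WindowsDir 'perfc'   # file name has no extension

# Writing into C:\Windows needs an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    Write-Error 'Run this script from an elevated (Administrator) PowerShell session.'
}

if (Test-Path -LiteralPath $marker -PathType Container) {
    # A folder with this name is not the plain file the article calls for.
    Write-Error "$marker exists but is a directory; remove it and re-run."
}

if (Test-Path -LiteralPath $marker -PathType Leaf) {
    Write-Output "Already present: $marker"
} else {
    New-Item -Path $marker -ItemType File | Out-Null
    Write-Output "Created: $marker"
}

# Mark read-only so routine cleanup does not remove it by accident.
Set-ItemProperty -LiteralPath $marker -Name IsReadOnly -Value $true

# Report the final state so deployment tooling can log it.
Get-Item -LiteralPath $marker |
    Select-Object FullName, Length, IsReadOnly, CreationTime
```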