What is it?
Petya is another addition of ransomware, which is a type of cyberattack that locks users out of their computer and encrypts their files, to then demand a (usually monetary) ransom in order to unlock it.
Although, Petya is essentially May’s WannaCry outbreak, with a few more features. It reboots your computer with a new startup screen stating that the computer’s files are all encrypted and it can only be unlocked by sending $300 worth of Bitcoin to a specific address.
Although it has been reported that victims of the cyberattack can no longer unlock their computer even if they pay the ransom.
WE STRONGLY URGE ALL CUSTOMERS USING WINDOWS COMPUTERS AT HOME/WORK TO ENSURE THEIR SYSTEM IS UP TO DATE.
So far, we know that:
- After hitting some major companies in Europe, it has reached some companies in Australia, such as Cadbury chocolate factory in Tasmania
- Posteo, the email provider that the Petya creator is using for the cyberattack, has announced that they’ve shut down the inbox, which means that Petya victims won’t be able to email the ransomware creator in case they do want to pay the ransom and recover their files
- Speculation suggests that it originated in Ukraine via a tainted accounting software
Whatever the case, protecting yourself against Petya is fairly simple and requires 3 steps:
- First, ensure your Windows computer is up to date or at least has Microsoft’s April 2017 security-patch bundle installed. Supported Windows versions such as 7, 8.1 & 10 will already be protected so long as you have automatic updates enabled – if not, you should run these updates now. If on the other hand, you are using an unsupported version such as XP, Vista, 8 or Server 2003, you will need to manually download and install the patch.
- Second, ensure you are running reputable Antivirus software on your computer, such as BitDefender, Kapersky, McAfee or Symantec/Norton and so on.
- Before connecting your personal Windows computer to any large corporate/enterprise networks over the coming days, first, check in with their IT team to ensure the company is clear of the infection.
There have been reports of a ‘fix’ or ‘killswitch’, but there really isn’t. They simply prevent it from running the encryption part of the payload, but it will still spread from the infected machine. The best fix is to patch the system and ensure everyone is wary of opening attachments or files that they are not 100% sure about, and failing that, using something like Sandboxie to open things.