- Petya Ransomware Spreading Rapidly Worldwide
Petya is a piece of ransomware that works very differently from most. Unlike other ransomware, which encrypts your files one by one, Petya does not encrypt files on a targeted system. Instead it reboots the victim’s computer, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Once a system is infected, Petya replaces the computer’s MBR with its own malicious code, which displays the ransom note and leaves the computer unable to boot.

Petya targets Windows systems by using a previously disclosed vulnerability. Much like the WannaCry ransomware, it uses the SMBv1 EternalBlue exploit and takes advantage of unpatched Windows machines. According to a security researcher, Petya has been successful in spreading because it combines a client-side attack (CVE-2017-0199) with a network-based threat (MS17-010). EternalBlue is a Windows SMB exploit leaked by the infamous hacking group Shadow Brokers in April 2017.

Petya has hit targets worldwide, shutting down computers at corporations, power suppliers, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and demanding $300 in bitcoins.
Cyber security tips: To protect yourself from Petya ransomware, you are strongly recommended to install the patch released by Microsoft and keep your systems up to date. If you are using an unsupported Windows system, apply the emergency patch released by Microsoft today. Modify your firewall configuration to block access to SMB ports over the network or the Internet, disable SMB, keep your antivirus software up to date, back up regularly, and be aware of phishing.
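
The "disable SMB" and "block SMB ports" tips above, as an added PowerShell example that is not part of the original article: it reports whether SMBv1 is still enabled and whether an inbound block rule for the SMB ports (TCP 445 and 139) exists, and changes anything only when run with `-Remediate`. The rule name and the default firewall profile are assumptions made for this example.

```powershell
# Added example: audit (and optionally fix) SMBv1 and inbound SMB exposure.
# Run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later.
param(
    [switch]$Remediate,                    # without this switch the script only reports
    [string]$FirewallProfile = 'Public',   # assumption: 'Any' would also block LAN file sharing
    [string]$RuleName = 'Block inbound SMB (example rule)'   # constructed rule name
)

$report = [ordered]@{}

# 1. Is the SMB server component still willing to negotiate SMBv1?
$smb = Get-SmbServerConfiguration
$report['SMBv1 server enabled'] = $smb.EnableSMB1Protocol
if ($Remediate -and $smb.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# 2. Is the SMBv1 optional feature still installed on this machine?
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$report['SMBv1 feature state'] = if ($feature) { $feature.State } else { 'not present' }
if ($Remediate -and $feature -and $feature.State -eq 'Enabled') {
    # -NoRestart defers the reboot; the feature is fully removed only after restarting.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

# 3. Is there an enabled inbound block rule covering TCP 445 and 139?
$rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' }
$report['Inbound SMB block rule'] = [bool]$rule
if ($Remediate -and -not $rule) {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Protocol TCP `
        -LocalPort '445','139' -Action Block -Profile $FirewallProfile | Out-Null
}

# Print the state observed before any change; run again to confirm the result.
$report.GetEnumerator() | ForEach-Object { '{0,-26} {1}' -f $_.Key, $_.Value }
```

Machines that legitimately serve file shares need a narrower firewall scope than a blanket inbound block, and disabling SMBv1 does not replace installing the Microsoft patch.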