How to Protect Yourself from Petya and NotPetya Ransomware

The world was recently hit by a major ransomware attack known as NotPetya, which infected more than 20,000 computers and held confidential information hostage in return for a ransom payment. However, it is neither the first nor the only ransomware attack. Though ransomware attacks have usually originated in Europe and later moved on to Asia and other parts of the world, India has also seen its share of devastating malware attacks. As such attacks become more frequent and more damaging, we should prepare by hardening our devices against them.

Petya and NotPetya Ransomware

Apart from the “WannaCry” ransomware attack in May 2017, the other two dangerous malware attacks are known as “Petya” and “NotPetya”. Though each works in its own way, their consequences are equally severe. It is therefore important to be aware of the various ransomware attacks, to know which systems were affected, and to know how to protect our devices against them. Recovering from a malware attack can be a tricky business, so it is better to follow the “prevention is better than cure” approach and learn more about ransomware attacks such as Petya and NotPetya.

What’s the difference between Petya and NotPetya ransomware?

NotPetya ransomware attack

NotPetya refers to malware that was originally designed to hold important data hostage in return for a ransom payment. It uses EternalBlue, a network exploit that takes advantage of a vulnerable network protocol known as Server Message Block (SMB). SMB is used to share printers, files and serial ports on Microsoft networks. However, the real motive of NotPetya is to encrypt the confidential data of important companies under the cover of a major ransomware attack. It is also said that one of NotPetya’s features is the ability to work from an active session or even with stolen credentials.

Victims are often tricked into downloading or opening a suspicious link or file containing the malware, which rapidly spreads through the computer. As a result, certain important files get encrypted, and the malware demands a ransom payment in Bitcoin to retrieve the data. Victims are required to pay $300 using a certain Bitcoin address, a Bitcoin wallet identification and a personal installation key. They are also told of an unlock code sent through an email address, which was soon blocked by Posteo. Thus, the real motive of NotPetya would be lost due to an unsuccessful payment transaction.

Windows-based operating systems are the ones targeted, so all releases from Windows XP to Windows 10 should be secured against attack.

Petya ransomware attack

Petya ransomware is the second worldwide malware attack after the “WannaCry” attack in May 2017. Petya relies on the same network exploit, EternalBlue. Business organizations are attacked more frequently than individual users, because security updates and procedures can take some time to be put into use there. The Petya ransomware originated in Ukraine, in accounting software named MeDoc. It went on to spread into government and private organizations alike in Ukraine, Denmark, France and Russia, to name a few. A number of companies in India have been affected by the malware as well, such as the German beauty care company Beiersdorf AG and the British consumer goods organization Reckitt Benckiser. India’s largest container port, Jawaharlal Nehru Port, is also said to have been affected by Petya.

Apart from using EternalBlue, Petya also uses PsExec and Windows Management Instrumentation (WMI) to gain admin access to local computers. The Petya infection causes the computer to reboot and encrypts the hard drive’s index (also known as the Master File Table). It overwrites the Master Boot Record and displays a ransom note demanding payment in return for the restricted data.

Petya doesn’t have a kill switch, and it needs only a single fault in the network’s defences to work. The only real protection against the ransomware is to install the Microsoft patch issued for your Windows version, which can save not just your own device but other devices on the network as well. Petya generally spreads inside one company’s network rather than across the internet at large, so limited network access should stop it from spreading further.

How to protect your devices from Petya and NotPetya ransomware attacks?

Ransomware attacks can be devastating from both a professional and a financial perspective, so we should keep some data protection tips in mind to prevent such incidents.

  • Security updates – The best way to protect your device from ransomware attacks is to apply security updates regularly. Install all the patches Microsoft has issued to protect your device, and disable Server Message Block version 1 (SMBv1) completely if you’re unable to update the system just yet. If you’re part of a business organization, disable Windows Management Instrumentation and SMBv1, both of which are used in ransomware attacks.
  • Trick the malware into thinking that it’s already present on your computer – You can do this by opening File Explorer and creating a file named “perfc”, with no extension, in “C:\Windows”. Then set its permissions to “Read Only”. In such a case, the malware would become inactive. However, a computer that is already infected might remain so, and retain the chance to infect other computers as well. In such a case, data recovery would be a tough task.
  • Reinstall Windows, if needed – If you feel that your computer is already infected, search for two files named “exe” in the Windows Task Manager. In such a case, shut down the computer and do not reboot. You might need to reinstall Windows and use your backup to regain access to your files. It is therefore very important to keep a backup of your important files on an external hard disk or a cloud storage service such as iCloud.
  • Regularly update your system – It is advisable to use the latest version of Windows and to install the security patches that guard against WannaCry and NotPetya. Moreover, check the Windows firewall, update your antivirus software to the latest version and ensure that all other software has been patched as well.
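
The SMBv1 and “perfc” steps from the list above as a PowerShell check. This is an added example, not part of the original article: the function name Test-PetyaMitigation and its parameters are hypothetical, and it assumes an elevated session on Windows 8 / Server 2012 or later.

```powershell
#Requires -RunAsAdministrator
# Added example: function and parameter names are hypothetical, not from a vendor tool.
function Test-PetyaMitigation {
    [CmdletBinding()]
    param(
        [switch]$Apply,   # report only unless -Apply is given
        [string]$MarkerPath = (Join-Path $env:SystemRoot 'perfc')   # C:\Windows\perfc
    )

    # SMBv1 server setting (cmdlet available on Windows 8 / Server 2012 and later).
    if ($Apply -and (Get-SmbServerConfiguration).EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    $smb1Server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # SMBv1 optional feature. The query can fail on some releases, so treat
    # "no answer" as Unknown rather than as Disabled.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($Apply -and $feature -and $feature.State -eq 'Enabled') {
        # The change completes at the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    }

    # Marker file: no extension, read-only. As the article notes, this does not
    # clean a machine that is already infected or stop it infecting others.
    if ($Apply -and -not (Test-Path -LiteralPath $MarkerPath)) {
        New-Item -ItemType File -Path $MarkerPath | Out-Null
    }
    $marker = Get-Item -LiteralPath $MarkerPath -Force -ErrorAction SilentlyContinue
    if ($Apply -and $marker -and -not $marker.IsReadOnly) {
        $marker.IsReadOnly = $true
    }

    [pscustomobject]@{
        Smb1ServerEnabled = $smb1Server
        Smb1FeatureState  = if ($feature) { "$($feature.State)" } else { 'Unknown' }
        MarkerPresent     = [bool]$marker
        MarkerReadOnly    = [bool]($marker -and $marker.IsReadOnly)
    }
}

Test-PetyaMitigation            # audit only
# Test-PetyaMitigation -Apply   # apply the settings, then report
```

Run it without -Apply first to see the current state; the patch level still has to be checked separately through Windows Update.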

Protecting your device and data from malware is a challenging task. However, following the tips above for Petya and NotPetya ransomware can be simple and effective. It is also important to stay aware of such ransomware attacks and of the steps needed to deal with them, for better cyber security.