Many organizations in the West have been crippled by the ‘Petya’ ransomware attack. From leading firms to local businesses, all seem to be on the target list of this ransomware. Spreading at an alarming rate, Petya is considered the next big ransomware after WannaCry.
On this very Tuesday, firms in Ukraine got hit by GoldenEye, a new strain of the Petya ransomware, and as of now thousands of computers around the world are getting locked up by this fast-spreading ransomware.
“Big businesses are getting hit. An entire hospital is shut out of its system. And suddenly, Petya’s everywhere – Considered as the next big ransomware attack”.
If you are wondering how this ransomware works:
Petya takes over a computer and locks all the files. It then demands money in digital currency, i.e. Bitcoin, and if you fail to pay, you lose all your files. The new ransomware attack encrypts not only crucial files but your entire hard drive, and then forces your computer to restart.
It also deletes the computer’s event logs to cover its tracks and hide from analysts. It mostly affects Windows computers. Petya’s modus operandi is believed to follow a fallback pattern: the malware tries one option and, if it doesn’t work, tries the next one, which is why it is believed to possess a better mechanism for spreading itself than WannaCry.
As far as the profits from this ransomware are concerned, GoldenEye, being a variant of Petya, has been sold on dark web forums since last April as a ransomware service. The buyers are believed to get 85 percent of the profit, while the malware’s creators get 15 percent.
As for the fix, researchers believe that ‘It is very, very important to patch your systems’. It was also noted that the ransomware runs on boot, meaning that if you can disrupt a system before Windows boots, or if you encounter a “Check Disk” message, you can avoid having your files encrypted by quickly powering down.
Additionally, per Microsoft, for the current variant of the ransomware, administrators can stop the spread within a network from the Windows Management Instrumentation by blocking the file C:\Windows\perfc.dat from running.
Administrators can also shore up their defenses by using Microsoft’s Local Administrator Password Solution to protect credentials that grant network privileges.
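A defender-side triage check for the two artifacts this article mentions, the file C:\Windows\perfc.dat and deleted event logs, as an added PowerShell example that is not from the article or from Microsoft. The event IDs used (1102 for a cleared Security log, 104 in the System log for other cleared logs) are the standard Windows log-clear records, not details from the article; the parameter names and the 7-day look-back window are assumptions.

```powershell
# Added triage example (not from the article or Microsoft).
# Assumptions: run elevated on the host being checked; the 7-day window is arbitrary.
param(
    [string]$IndicatorPath = 'C:\Windows\perfc.dat',  # file path named in the article
    [int]$LookbackDays = 7
)

$since    = (Get-Date).AddDays(-$LookbackDays)
$findings = New-Object System.Collections.Generic.List[object]

# 1. Is the file the article names present? -Force also returns hidden/system files.
if (Test-Path -LiteralPath $IndicatorPath -PathType Leaf) {
    $item = Get-Item -LiteralPath $IndicatorPath -Force
    $hash = (Get-FileHash -LiteralPath $IndicatorPath -Algorithm SHA256).Hash
    $findings.Add([pscustomobject]@{
        Check  = 'IndicatorFile'
        Time   = $item.CreationTime
        Detail = "$IndicatorPath present, $($item.Length) bytes, SHA256 $hash"
    })
}

# 2. Was an event log cleared recently? Windows records the clear itself:
#    Security log -> event 1102; any other log -> event 104 in the System log.
$logClearFilters = @(
    @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102; StartTime = $since },
    @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104;  StartTime = $since }
)
foreach ($filter in $logClearFilters) {
    # SilentlyContinue: Get-WinEvent raises an error when nothing matches.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $findings.Add([pscustomobject]@{
                Check  = 'LogCleared'
                Time   = $_.TimeCreated
                Detail = "$($_.LogName) event $($_.Id): " + ($_.Message -split "`r?`n")[0]
            })
        }
}

if ($findings.Count -eq 0) {
    Write-Output "No indicators found on $env:COMPUTERNAME (last $LookbackDays days)."
} else {
    $findings | Sort-Object Time | Format-Table -AutoSize -Wrap
}
```

A hit is a lead to investigate rather than proof of infection, since administrators also clear logs during routine maintenance.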
So, if you are using a Windows system, then make sure to patch it and protect yourself and your firm from the security breach.