August 31, 2017

Cybersecurity: Beware Petya’s Wrath

{Written by: Wendi Ndaki} Petya would be a name you call a lady in Bulgaria and a man in Russia but in our case, Petya is a form of malware. […]

Cybersecurity: Beware Petya’s Wrath

{Written by: Wendi Ndaki}

Petya would be a name you call a lady in Bulgaria and a man in Russia but in our case, Petya is a form of malware. A malware is any file or program that is harmful to the computer.

It got its name from an old piece of ransomware whose code they shared. That other ransomware was called Petya. A ransomware is a type of malware that locks all digital files and demands payment in order for them to be retrieved.

In our previous Cybersecurity article, we talked about the WannaCry ransomware. Those behind Petya’s spread might have been inspired by WannaCry which struck in May 2017 because Petya struck barely a month later. However, it is important to note that Petya outdid WannaCry in its ruthlessness.

Petya was supposed to be a ransomware but it was more of a “wiper” malware whose main objective was to destroy systems and data. WannaCry on the other hand was a real ransomware whose main objective was financial gain even though victims could still potentially lose their data without a back-up.

They both targeted people using the Windows Operating System(OS), banking on a vulnerability on the OS to maximize their damage. However, Petya was more destructive in exploiting Windows’ vulnerabilities. It went as far as wreaking havoc on machines that had patches, executing, spreading and encrypting files without connecting to the server. This was beyond WannaCry’s capabilities. (A patch is a software designed to update a computer program to fix or improve it. Patches are usually temporary fixes.)

Petya hit companies in the US, UK, Ukraine, France and Germany; demanding a $300 ransom in bitcoins. Ukraine was the hardest hit. Its largest power companies warned that they were dealing with fallouts from Petya infections. They even reverted to manual operations in their nuclear plant as a precautionary measure.

How Petya works.

  • It takes over computers and demands a $300 fee in bitcoins.
  • The malicious software spreads rapidly across an organization once the computer is infected using the “EternalBlue” vulnerability in Microsoft Windows.
  • Petya is a “worm”, meaning it self-propagates. It does so by building a list of target computers and spreading to those computers.
  • Not everyone has installed the patch that Microsoft released, meaning many people are still vulnerable to Petya.
  • Unlike the WannaCry ransomware, Petya tries one option and if it doesn’t work, it tries the next. This means it can spread much faster than the WannaCry ransomware.

How to protect yourself from Petya.

  • Kaspersky has a software capable of spotting the malware.
  • There’s a need to keep Windows up-to-date so that any vulnerabilities are fixed.
  • Do regular data backups externally just in case your computer gets infected and you cannot retrieve your files.
  • Refrain from clicking on suspicious links.

What to do when infected by Petya.

  • Victims are advised not to pay the ransom because it encourages the attackers. There also isn’t any guarantee that you will get your files back once you pay the ransom. You would rather use your backed up files or look for experts who can use various tools to decrypt your files and recover some data.
  • It is important to note that the ransomware infects computers then waits for about an hour before rebooting the machine.
  • When the machine is rebooting you can switch the computer off to prevent the files from being encrypted. After this, you can try and rescue the files from the machine.
  • It is impossible to recover infected systems but infected files can be recovered.
  • If the system boots with the ransom note don’t pay the ransom. The email address has been shut down so you will not be able to get the decryption key anyway.
  • Instead, disconnect the PC from the internet, reformat the hard drive and reinstall my files from my backup.

Cyber security experts say that the payment mechanisms of the attack seem too amateurish to have been done by a serious criminal. The attackers used a single hard-coded payment address, meaning the money can be traced.

The webmail provider of the email address they were supposed to use locked the account thus breaking the communication between the attackers and their victims, which eventually affected the impact of the virus. Now, while this means that the Petya issue will be resolved soon, you need to make sure you secure your data.

Download Securex Apps

Smart. Secure. Connected.

Manage your alarm system, cameras, thermostats, lights, doors and more right from your phone, tablet or computer.

Securex Android App