Buzz
While Windows faces numerous Ransomware viruses, on Android devices, a malware called CopyCat threatens user data safety. CopyCat masquerades Android apps, and once users download and install them, their devices immediately become infected with this malware, leading to loss of device control. Therefore, experts advise users to download apps from Google Play instead of external links.
Following the attacks of WannaCry Ransomware and EternalRocks, a new ransomware named Petya has emerged. Petya Ransomware's attack method is similar to WannaCry Ransomware, with similar signs of attack as the Petya attacks in 2016. To understand the impact and danger of this new Ransomware compared to EternalRocks or WannaCry in the past, we need to explore what Petya Ransomware is, how to prevent, identify, and protect your computer.
What is Ransomware?
Ransomware is a malicious software that takes control of your system and files. Once 'acquired,' it applies encryption to files on the system and demands ransom for the key to restore those files. Ransomware often renames files and changes their extensions.
Understanding Petya Ransomware: Prevention, Recognition, and Protection Measures
The first Petya attacks occurred in 2016. The most recent attacks are a variant or 'offspring' of Petya. Security researchers call it Petware, Golden eye, or Not Petya.
How does Petya Ransomware operate?
Petya Ransomware exploits the EternalBlue vulnerability similar to WannaCry, but it utilizes more intricate code. Petya also 'exploits' the EternalRomance vulnerability leaked by the NSA. This ransomware uses an open-source tool called Minikatz to obtain system administrator information. It then spreads across the network using tools like PsExec and WMIC. Hence, even with only one affected system, it can compromise the entire network.
Who are the targets of Petya Ransomware attacks?
Petya Ransomware attacks originated in Ukraine. The malware was 'injected' into government software and utilized by various domestic agencies, including banks, airports, and transportation systems in Ukraine, which were affected.
As of now, Petya Ransomware has spread to numerous countries including India and others.
Signs to identify if your computer is under Petya Ransomware attack
Below are screenshots indicating signs when your computer is under Petya Ransomware attack:
How much money have hackers made from Petya Ransomware attacks?
A total of $9,070 USD has been transferred to hackers through 36 transactions at the time of reporting.
How to protect your computer from Petya Ransomware?
Download security patch updates
Similar to WannaCry, Petya targets the vulnerability named EternalBlue on older Windows systems.
One of the best solutions you can do to protect yourself from Petya Ransomware attacks is to download security patch updates provided by Microsoft during the updating process.
Microsoft released a security patch to protect against vulnerabilities in Windows XP systems back in March. In early June, the company released multiple patches for older Windows operating systems.
If you allow Microsoft to automatically update your computer, you will receive security patches. For older Windows versions that Microsoft no longer supports, you can visit the Microsoft website and download the necessary patches to protect your computer based on the version of Windows you are using.
Backup your computer
It's best to back up your computer data regularly to avoid ransomware attacks. And if you happen to become a victim, you still have a copy that you've backed up and stored in another location, such as an external hard drive or cloud storage services.
Users are advised to back up their data multiple times per month. In case of an attack, you still have copies of your files to use without having to pay a ransom.
Install protective programs
You should download and install antivirus software, system protection programs not only to defend against attacks but also to alert you whenever a threat appears on your computer. These software packages include Firewalls, antivirus programs, and other security software.
These programs can alert you if any malware is attempting to encrypt your files and what you can do to stop those malware. While ransomware may take some of your files, these programs will protect the rest of your files.
Absolutely do not click on any suspicious emails
Some attacks occur due to phishing emails. These emails are designed to make users believe they are legitimate, but in reality, opening these emails means installing malware on your computer without your knowledge. Therefore, absolutely do not click to open any suspicious emails if you don't want to become a victim of Petya Ransomware.
Usually, if an email is legitimate, you will see the name of the company or the sender's name, and only open emails from people you know. If you use gmail, refer to how to block gmail spam here
Furthermore, it's advisable not to access certain websites or download and install software of unknown origin. It's highly likely that additional malware will be attached when you click on links on websites or when you download and install software of unknown origin.
Protect Yourself While Using Public Wifi
When using public Wifi, you may see other people using the same network as you. You want to ensure that you have changed the security settings on your computer when using public networks. Typically, your computer will prompt you to set it up automatically if you want to see others on the same network, but checking your security settings again to make sure you haven't set it to public is important.
Additionally, you should use a Virtual Private Network (VPN) to 'hide' your computer from other users on public networks. While using a VPN won't protect against malware, it can help you 'not be a target' of that malware.
The Mytour article has provided you with all the information about Petya Ransomware: what it is, how to prevent, identify, and protect your computer from Petya Ransomware. Hopefully, the article will give you more useful information about Petya Ransomware and how to prevent this type of ransomware.
