Petya ransomware began infecting individuals and organizations alike early today. Similar to WannaCry, Petya exploits a flaw in Microsoft Windows Server Message Block (SMB), then spreads through remote code execution vulnerabilities via network port 445 before encrypting a victim’s computer files. A ransom message then explains that the data will remain “locked” until a ransom is paid.
The difference today is that Petya is locking entire disks and preventing users from logging into Windows. The filesystem’s master file table (MFT) is encrypted, which means the operating system cannot locate files.
Microsoft fixed the Windows SMB vulnerability by issuing an update patch on March 14, 2017, so those who followed the advice escaped today’s attack. But no one can afford to be complacent. The virus continues to mutate and variants will carry on wreaking havoc at an alarming rate. If your computer is infected, we suggest you do NOT pay any ransom. Even if you do, hackers might well renege on their promise to decrypt files for you.
NETVIGATOR suggests the following precautionary measures:
- Back up your computer’s operating system and files to an external hard disk. Disconnect the hard disk and keep it in a safe place after the backup.
- Back up your computer’s operating system and files frequently.
- Connect your computers to the Internet via a broadband router that has a firewall function. Do not open network ports 139 or 445 on your router.
- Enable the Windows “Automatic Update” function and install updates as soon as they become available.
- Make sure you have installed reputable anti-virus software and updated it with the latest virus signatures. Perform a full system scan to ensure your system has not been infected by any kind of virus.
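A read-only check of the Windows PC side of the port and update advice above, as an added example that is not NETVIGATOR's own tooling. It assumes Windows 8 / Server 2012 or later with the built-in PowerShell networking cmdlets; the router's own port settings still have to be checked in the router's administration page, and the update-date comparison is only a heuristic.

```powershell
# Added example (not from the original advisory): read-only audit, changes nothing.
$smbPorts  = 139, 445                  # ports named in the advice above
$patchDate = [datetime]'2017-03-14'    # SMB fix release date given in the advisory

# 1. Is this PC listening on the SMB ports, and on which local addresses?
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $smbPorts -ErrorAction SilentlyContinue)

# 2. Enabled inbound "Allow" firewall rules whose TCP local port is 139 or 445.
#    Rules with LocalPort "Any" or a port range are not matched by this check.
$openRules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort | Where-Object { $smbPorts -contains ($_ -as [int]) } } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

# 3. Windows Update service state and the most recent installed update on record.
$wuService = Get-Service -Name wuauserv
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

# ---- Report ----
if ($listeners.Count -gt 0) {
    $listeners | ForEach-Object { 'LISTENING  {0}:{1}' -f $_.LocalAddress, $_.LocalPort }
} else {
    'OK         nothing is listening on TCP 139/445'
}

if ($openRules.Count -gt 0) {
    $openRules | ForEach-Object { 'ALLOW RULE {0} (profile: {1})' -f $_.DisplayName, $_.Profile }
} else {
    'OK         no enabled inbound allow rule names TCP 139/445'
}

# The service is demand-started on current Windows, so only "Disabled" is a finding.
if ($wuService.StartType -eq 'Disabled') {
    'WARNING    Windows Update service is disabled'
} else {
    'OK         Windows Update service start type: {0}' -f $wuService.StartType
}

# Heuristic: an update after the release date does not prove the SMB fix is present,
# but no update since that date means it cannot be.
if (-not $lastPatch -or $lastPatch.InstalledOn -lt $patchDate) {
    'WARNING    no update recorded on or after {0:yyyy-MM-dd}' -f $patchDate
} else {
    'INFO       latest update {0} installed {1:yyyy-MM-dd}' -f $lastPatch.HotFixID, $lastPatch.InstalledOn
}
```

Allow rules reported for the Public profile deserve the closest look, since that profile applies on untrusted networks.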
Find out more about Petya ransomware here:
https://business.f-secure.com/petya-ransomware-outbreak-proves-wannacry-was-only-the-beginning