About a month ago the world had been talking about the WannaCry ransomware which infected thousands of computers worldwide. Today, another malware does the same, yet, the scale seems to be even bigger.
Ukrainian companies first reported Petya (Petrwrap or Notpetya) on Tuesday, June 27. In a short period, it started to infect systems in Germany, Spain, the UK, Israel, Netherlands and the US.
60% of worldwide attacks were registered in Ukraine. According to the reports, Petya targeted bus stations, energy companies, the power grid, the airport, banks, delivery services, supermarkets and other facilities throughout the country. And it continues to spread like crazy locking computers and asking for bitcoin fee equivalent to $300 for the decryption. However, email app Posteo had blocked the address used, so now it is not possible to pay for unblocking. Though, hackers were able to collect about $10,000 from users before the block.
What is the Petya ransomware?
Symantec with other technology companies reports that Petya existed since 2016. However, the current version of malware was modified for the attack. This version, which is also called NotPetya has code that differs from the original one, and it is being distributed like a worm using the EternalBlue vulnerability developed by the NSA.
IT professionals say that algorithm used by Petya doesn’t encrypt your files as it is being told in the message delivered. Instead of that Petya locks your hard drive, so operation system is not able to access all your files.
Who was affected by the Petya?
As we said before, 60% of Petya attacks were registered in Ukraine. The virus targeted numerous governmental institutions and systems, as well as nation-wide companies. Even Chernobyl’s radiation monitoring system was switched to manual handling because of this attack.
Today Petya happened in the USA. According to Engadget hospitals, pharmaceutical company Merck, Los Angeles port and Fedex delivery service reported problems caused by Petya.
Numerous cyber security agencies around the world are carefully monitoring situation and report about all registered cases.
How to avoid Petya ransomware?
There is no algorithm helping to heal your PC from Petya. But if your device is not infected it is the best time to secure yourself. First of all, you need to make sure that all your systems and apps are up-to-date since EternalBlue tools use flaws in out-of-date software.
Also, it is worth to buy a quality anti-virus program and install a free antivirus from trusted provider to run regular scans.
Never open emails and the attachments from suspicious senders. Avoid downloading programs from third party resources if you are not sure that they are completely secure.