WHAT IS ‘PETYA’?
A massive ransomware attack that has hit businesses globally, causing major companies to shut down their computer systems.
The Petya ransomware follows the WannaCry ransomware attack in May which impacted businesses, hospitals, and organizations all over the world.
WHAT DOES IT DO?
Basically hackers carry out the Petya ransomware cyberattack by encrypting computer files and demanding a ransom to unlock it.
The ransomware locks down hard drives and demands $300 ransom via Bitcoin. Victims of ransomware will not be able to access their files and it prevents most users from recovering anything on their disks.
WHO IS THEIR TARGET?
Experts say outdated Windows computers are most vulnerable. Both WannaCry and Petya spread by a vulnerability in older Windows systems called EternalBlue, a tool created by the National Security Agency and leaked online by the Shadow Brokers that exploits a problem in Microsoft's software.
Although Microsoft released a patch for the vulnerability when WannaCry hit, anyone who did not update their Windows is still exposed.
Over 65 countries have been reported to be hit by Petya, but among the countries most badly hit it seems to be Ukraine has been hit the hardest.
Ukraine’s major companies, from the power grid to the postal service to its Central Bank have reported hacking attacks.
In the U.S., the second-largest drugmaker, Merck & Co., has confirmed the company's computer network was compromised.
In Australia, courier companies, legal firms and even Cadbury have been hit by the vicious Petya ransomware.
MORE DANGEROUS THAN WANNACRY
Although the spread of Petya has been slower than when WannaCry hit, Petya does not have the same mistakes in WannaCry’s coding including a “kill switch” security experts used to stop WannaCry from spreading.
Unlike WannaCry, researchers have yet to find a “kill switch” for Petya.
Also, during the WannaCry attack, it locked individual files while for Petya it is locking whole hard drives, essentially making the hard drive and computer unusable.
EVEN IF YOU PAID, YOU MAY NOT BE ABLE TO SAVE YOUR PC
The Petya perpetrators demanded the $300 Bitcoin ransom to be paid to a single Bitcoin wallet, then asked victims to send an email to email@example.com with a unique identifier to confirm payment and receive the decryption keys.
However, the email company Posteo announced they have blocked the email address, which makes it unable to confirm any ransom payments. The Bitcoin wallet tied to the Petya attack has received 45 payments so far, totaling to 3.99009155 BTC ($10,325.18 USD)
So even if victims paid for the Petya ransom, it is not guaranteed they will be able to retrieve back their files.
SHOULD YOU WORRY?
If your computer’s Microsoft software is running on the most recently updated one, you should be safe. Refrain from clicking on any suspicious links you receive.
Also, many of the major antivirus companies such as Kaspersky and Symantec claim that their latest updated software can now detect the Petya infections.
WHAT SHOULD YOU DO IF YOU’RE A VICTIM?
Should you or should you not pay the ransom if you fall victim to Petya?
Most experts would strongly advise you to never pay the ransom. In the Petya case, paying the ransom may not even guarantee a decryption key to save your files. Alternatively, victims are advised to restore all files from a backup.
Petya ransomware is said to infect computers and then waits about an hour before rebooting the computer.
According to @HackerFantastic on Twitter, if you find your computer compromised and this screen appears;
Photo source: @HackerFantastic
While the computer is rebooting, immediately switch off the computer to further prevent any files from being encrypted and try to rescue the files from your computer.