Jul 22, 2017
The Latest Ransomware Threat: NotPetya
A new ransomware is spreading rapidly and causing disruption around the world. Like WannaCrypt, it encrypts all files on a computer and demands $300 worth of Bitcoin in ransom. This attack first appeared in the Ukraine where it crippled the National Bank as well as transportation and utility industries. The security community is uncertain about the origin of the attack. They first thought it was very similar to one called Petya, but later, significant differences lead to it being called “NotPetya.”
How the attack works
NotPetya infects a computer through fishing emails and possibly a software product called MeDoc. Primarily, it exploits the EternalBlue vulnerability in unpatched Windows systems, just like WannaCrypt. It also can trick users into letting it have access to administrative tools that lead to infection. Once NotPetya has encrypted the files on the computer, it has no mechanism for reversing the encryption. Despite claiming that if a victim pays the ransom it will unlock the files, it does not actually do this. Researchers suspect NotPetya is an attack meant to cripple infrastructure designed to look like ransomware to hide its true purpose.
The Ukraine has been the hardest hit by the attack, as it has caused serious financial problems in addition to harming many important companies that support the country's infrastructure. Other countries have also been affected. According to Forbes, a Danish utility company, a Russian oil company, a British advertiser, and a law firm are among the victims of cyber-attacks that may include NotPetya. Merck, an American pharmaceutical company, was also compromised.
How to stay safe
Your best defense is to prevent the attack with updated anti-virus and anti-malware software. Also, make sure you have all critical Windows updates installed. Backing up your data to a drive that remains unconnected to your computer will keep you from permanently losing files if you get infected. To prevent infection, never open an email with suspicious links, and do not allow programs you are unsure of to have access to your Windows administrative privileges.
NotPetya is a threatening attack that appears and acts like ransomware but may have other intentions. It has crippled industries around the world and caused major disruption in many countries, especially the Ukraine. Taking security precautions and backing up data are your best defenses against this threat.
For more information about cyber security, please contact us.