With horrors of WannaCry still fresh, here comes Petya that however seems to be targeted specifically at the business infrastructure within Ukraine.
A new ransomware that goes by the name Petya is now wreaking havoc with computer systems in the entire Europe. Things seem to be particularly bad in Ukraine, so much that the attack is believed to be specifically targeted at the ex-Soviet bloc nation but got spilled over to neighboring countries as well.
All of it started with a harmless looking software update for MEDoc. This is where that security analyst believes the attack to be targeted at Ukraine as MEDoc is a financial software that all business institution in the country is required to have installed on their systems.
So the first thing that the hackers did was, of course, breaking into the MEDoc update servers to push their malware codes. Once business installations in Ukraine got hit, it was just a matter of time before all systems having dealings with the Ukrainian firms too became easy targets.
In fact, so severe the attack has been in Ukraine that even the Chernobyl nuclear power plant too had to be shifted to manual mode to avert any untoward incidents. That apart, banks, airports or railway networks too have been hit severely.
Also, it is Windows system logged in to enterprise network that happens to be the target. So far, there have been no reports of any Mac, Android, Linux or Ubuntu systems being hit. Also with the emphasis on enterprise, home computer users seem little to be worried about for now though there is no guarantee things won’t escalate in its scope any further.
Also, worth mentioning, the Petya is basically a ransomware at its core. And true to its form, that is also how it has been functioning. Among the first things Petya is up to once it gains entry into a system is lock up the Master Boot Record, thereby preventing the system from starting up properly.
Another way Petya has been functioning is locking up the files until you pay a specific ransom. However, this is where that computer security experts are forced to believe there is more to Petya than being a simple ransomware. This since the method to make the ransom payment is shrouded in mystery, which is convincing experts that the sole motive behind Petya is to create havoc and not earn money.
Another theory doing the rounds is that the hackers behind Petya could be up to stealing data as of now. Those again will be used to do something big or more targeted attacked at a later phase.
The lack of a specific financial angle has also led many to believe the Petya attack could have a wider political motive as well. As things stand at the moment, Ukraine does not share a friendly relation with Russia. In fact, Russia is also into military campaigns within Ukraine that the latter has serious objections about. That a senior military officer got killed in a car bomb blast the day Petya started has only made the political angle more robust.
How to prevent Petya attack
- Ensure you have all the latest security patches installed. A fully patched Windows computer is relatively safe for now.
- An effective and updated anti-virus too can be effective in dealing with Petya.
- Further, there also are a few tricks that will save from being a victim. If you see your computer trying to shut down on its own, prevent that from happening. Petya needs to reboot for it to have control over the Master Boot Record and denying a reboot is one way of prevent the attack.
- Another way is to insert a read-only file named ‘perfc’ in your Windows directory. This has been found effective in some machine except those running on Windows 7. However, the latest Petya files might have this feature disabled so that a ‘perfc’ might not be enough to ward off the attack.
So the best way is to have a good anti-virus installed. Having the latest patches on your device is also equally important.