Petya Ransomware: What Is It And How To Protect Against It?

    Mimecast provides an expert team with the tools and know-how needed to keep your files safe.

    Petya ransomware stands out as being particularly malicious

    Out of the numerous ransomware attacks to hit organizations in recent years, the virus known as “Petya” stands out as being particularly malicious. A large attack in the summer of 2017 left European companies and governments of all types and industries (although most were either affiliated with or located in Ukraine) at the mercy of destructive software whose intention seemed to be to cause the most damage possible.

    While this particular attack seemed to have political motivations, that hasn’t stopped Petya and its variants from popping up elsewhere and causing harm to whatever computers they reach, regardless of motive. Luckily, at Mimecast we make it our mission to spread awareness about viruses like Petya, as well as provide preventative measures and services that will render this malware ineffective.

     


     

    What is Petya ransomware?

    Petya began as a run-of-the-mill ransomware virus. It worked by encrypting both a computer’s user files and its hard disk. Once completed, this level of encryption essentially rendered the computer inoperable.

    Users unlucky enough to encounter it were forced either to pay $300 in Bitcoin to receive a decryption key for their files or to reformat their hard drive completely, losing any files that were not backed up in the process.

    However, the devastating cyberattack against Ukraine in 2017 marked the rise of a new variant of Petya ransomware that seemed to cause markedly more damage than its predecessors. This variant was known as “NotPetya.”

     

    How does Petya infect my computer?

    Petya ransomware and its variants have historically used two separate attack vectors to infiltrate computer networks. The first is the “EternalBlue” exploit against Microsoft Windows computers, and the second is malicious attachments downloaded from phishing emails.

    Once it has infiltrated a computer, Petya will then look for ways to infect other computers connected to the same network or associated with the user in any way. It will then gather the username and password information of these users in order to infect them as well.

    After it has gotten inside of a computer’s files, a Petya ransomware attack will typically take one hour to alter and damage key files inside your computer’s operating system. When it’s finished, it will reboot your computer, after which your hard drive and personal files will be completely encrypted.

     

    What is NotPetya ransomware?

    As the 2017 attack began to disseminate throughout Europe, cybersecurity experts noted a key difference between this instance of Petya ransomware and other variants. Namely, this new variant did not release a decryption key once the ransom was paid.

    This meant that even though infected users received a prompt to pay a ransom in exchange for the decryption of their files, this payout didn’t actually work. There was no ransom negotiation to begin with.

    The intention of this malware wasn’t to earn a payday for cybercriminals. Instead, it was to cause massive, irreparable destruction to whatever computer network it infected.

    In this way, a Petya attack distinguished itself as being a kind of pseudo-ransomware. Victims would believe that paying the ransom would return their files to them, only to learn that their hard drive and operating system were permanently encrypted.

     


     

    How can I protect against Petya ransomware?

    Since the most common attack vectors in Petya are through software exploits and phishing scams, you will need preventative measures that address both methods of infiltration.

    For software vulnerabilities like the EternalBlue exploit, updating your computer is the first step. But even then, you should have robust anti-virus and ransomware protection services, such as those Mimecast offers, that will prevent viruses like Petya from finding commonly known exploits and using them to their advantage.

    Phishing scams require different protection strategies. Typically, the best preventative measure to take against malicious emails is education and awareness about the nature of malicious emails. Security and awareness training of your employees will help ensure that every computer user in your company’s network knows the run-of-the-mill scam techniques these cybercriminals use.

     

    Mimecast is your ransomware solution

    The destructiveness of viruses like NotPetya can be intimidating at first. You may think that there’s little or nothing you can do if you fall victim to one of these attacks.

    But whether you’re worried about Petya ransomware attacks, NotPetya attacks, or any number of other potential ransomware viruses, Mimecast provides an expert team equipped with the tools and know-how needed to keep you and your files safe. With state-of-the-art virus protection, email scanning and security, and security awareness training, Mimecast provides you the peace of mind needed to conduct your everyday digital interactions with confidence and ease.

    Learn more about how Mimecast can help protect your organization by getting a free custom quote.
