Petya a new variant of the Petya ransomware family that has affected organizations across Europe. This ransomware was first discovered in 2016 – it encrypts MFT (Master File Tree) tables and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer. This new variant is particularly virulent because it uses multiple techniques to spread automatically within a company’s network once the first computer is infected.
Petya also attempts to spread internally by breaking admin passwords and infecting other PCs on the network using remote admin tools. It can also spread internally by infecting network shares on other computers.
Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, “We’ve seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike”, says Harish Chib, Vice president Middle East and Africa, Sophos.
According to Chib, Sophos Endpoint Protection products are protected against this new ransomware variant so their customers have nothing to worry about. He notes that Sophos Intercept X customers were proactively protected with no data encrypted, from the moment this new ransomware variant appeared.
Here are a few steps to avoid such attacks:
- Ensure systems have the latest patches, including the one in Microsoft MS17-010bulletin
- Consider blocking the Microsoft PsExec tool from running on users’ computers using Sophos Endpoint Protection.
- Back up regularly and keep a recent backup copy off-site.
- Avoid opening attachments in emails from recipients you don’t know.
Read More about this ransomware here.