Many organizations in Europe are affected by a ransom ware attack “Petya”. The malicious software has spread through large firms including the advertiser WPP and Danish shipping and transport firm, leading to PCs and data being locked up and held for ransom.
Operations of one of the three terminals of India’s largest container port were affected as fallout of the Petya global ransom ware attack.
It is a second major global Ransom ware attack in last two months. As we said that it looks like WannaCry, or WCry, has been stopped, or at least slowed, by the discovery of the so-called “kill switch.” However, is this just the eye of the storm that misleading calm between another onslaught. The code can be easily tweaked and the ransom ware unleashed again.
How does Peyta RANSOMWARE works
The Petya ransomware takes the control of your computer and demands $300,paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows or using Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one.
It has another variant called golden eye. It goes a step further with two layers of encryption and locks up both your files as well as your system.
Immediate steps if you are affected by the ransom ware?
The ransomware infects computers and then waits about an hour before rebooting the system. While system reboots, you should switch off the system to prevent files from being encrypted and try to rescue files from system.
If the system reboots with the ransom note, don’t pay the ransom. The customer service email address has been shut down so there’s no way to get the decryption key to unlock your files anyway.
Immediately disconnect your PC from the internet, reformat the hard drive and reinstall your files from backup.
We’ve put together some proactive actions which will help you
- Patch Management– Ensure all Workstations and Servers have the latest Microsoft patches, especially the ones related to MS17-010.
- Antivirus – Ensure AV signatures are updated on all assets. Identify critical assets and target them first. Block IOCs on AV solution. Get the details with regards to the name of the malware and verify if this malware has been detected in the logs for last 1 week.
- Deploy Proactive Monitoring and Management systems to indentify security threats and carry out predictive analysis.
- Develop Incident response and reporting framework within organisation.
- Create Employee awareness programs
Insight Team can work with you in achieving
- Vulnerability assessment & Penetration testing
- Monitoring & maintaining logs
- Incident Response and Management
- Real time Threat Management
- Network Security Management
- Employee awareness programs
You can leverage INSIGHT 24/7 Cyber Security Operation Centre and skilled expertise for cyber security incident response, remediation and reporting.
It is characterized by the following:
- Secure environment isolated from existing corporate network
- Lab for testing use cases related to different tools.
- A plug and play environment for new products and technologies
- Demo environment for clients.
- Can be used across various geographies