Beringer Associates Technology Blog

The Petya Ransomware Outbreak

Posted by on in Featured, Information Technology, Recent News

This new version of the Petya ransomware is spreading rapidly and turning into an outbreak reminiscent of the one caused by WannaCry. It has already impacted many end users, businesses, and organizations, both large and small.

 

The attackers are distributing the ransomware, dubbed Petya, via a malicious email campaign targeting human resource departments.

 

Once Petya compromises a system, the malware overwrites the Master Boot Record with a custom boot loader. Once the Master Boot Record has been altered, Petya causes Windows to crash and reboot. During the reboot the new malicious ransomware loader will display a screen pretending to be CHKDSK.  During this fake CHKDSK stage, Petya encrypts the Master File Table on the drive. Once the Master File Table is encrypted , the computer does not know where files are located, or if they even exist, and thus they are not accessible

 

With the Master File Table encrypted, the ransomware presents a ransom message to the user. The message instructs them to visit a site via the Tor browser. Once the user is on the site, they are instructed to pay the ransom.

 

Do not pay the Ransom! The email provider has closed the account of the hacker behind the Petya Ransomware outbreak.  You will not be able to receive the decryption keys.

 

The prevention tips and recommendations below will help protect from Petya and similar Ransomware attacks.

  • The malware requires administrator rights to the local computer. Consider restricting who has local admin rights to prevent execution of exploit code within the organization.
  • Some Windows systems are configured to automatically reboot if it crashes, although this feature can be disabled.
  • Deploy latest Microsoft patches.
  • Consider disabling SMBv1 to prevent the malware from spreading.
  • Ensure your antivirus solution is up to date.
  • Ensure you have backup copies of your files.
  • Restrict the use of system administration tools such as PowerShell and PsExec.

 

Beringer Technology Group is always here to provide expert knowledge in topics like these. Contact us today for any questions you may have.

 

Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution. We also provide expert Managed IT ServicesBackup and Disaster RecoveryCloud Based Computing and Unified Communication Systems.

Tagged in: