All you need to know about the Petya-like malware behind the global ransomware outbreak


The ongoing ransomware outbreak that is sweeping through Europe and could soon spread to other parts of the world has been identified as similar to a previously known malware named ‘Petya’. However, officials from antivirus firm Kaspersky Lab have found that it is a completely new ransomware with Petya underpinnings.

The Petya ransomware

The Petya ransomware has been around for more than a year. In essence, the ransomware functions by locking the user’s digital information as well as their hard drive, making any data recovery extremely difficult without the unlock code from the hacker, which is available after making a payment via Bitcoin. In this case, the hackers are demanding a ransom of $300 from those affected by the malware.

According to US antivirus firm Symantec, the Petya ransomware uses the same Eternal Blue exploit as the WannaCry ransomware that had infected PCs worldwide a few months earlier. The Eternal Blue exploit is a tool that allows any hacker to trick Windows into running any code by sending it a special data packet over the internet. The exploit was developed by the US National Security Agency and was later leaked online by the Shadow Brokers.

How can you protect against Petya?

As of the writing of this article, the new Petya ransomware has infected more than 2,000 computers across Europe, including the UK, France, Germany, and Russia. The ransomware is spreading rapidly and precaution is most definitely better than the cure.

Since the malware exploits a part of the Windows software that is difficult for antivirus software to monitor, it is best to install the latest security update from Microsoft on the PC. Further precautions should include avoiding suspicious websites and emails, which reduces the risk of infection, as the ransomware disguises itself as an innocuous link.

However, in the unfortunate circumstance that your PC gets infected, it is probably best to not pay the ransom. There are certain tools that can help recover the locked files.