Petya Cyber Attack: How To Protect Your Organization Against It!

Petya ransomware is part of a new wave of cyber attacks that has hit enterprise networks across the world. Ukraine and Russia are the worst affected, though the attack has also impacted some companies in other Western European countries, the US and India.

Researchers are calling Petya a wiper rather than ransomware: its aim is the mass destruction of data, not the collection of money from victims and enterprises. This was first reported by Matt Suiche, founder of the cyber security firm Comae. You can read his detailed blog post on Medium (blog.comae.io) explaining why Petya is a wiper, not ransomware. Cyber security firm Kaspersky has also come to the same conclusion.

What is the difference between a wiper and ransomware?

A wiper and ransomware differ in intent and motive. The goal of a wiper is to destroy and damage data, excluding any possibility of restoration, whereas the goal of ransomware is to make money, and it can restore the modifications it makes on your system.

How to protect your organization against it?

Common delivery methods for such malware are phishing emails or scams, and the payload requires local administrator access to execute. Most major antivirus companies, like Symantec and Kaspersky, claim that their software has been updated to actively detect and protect against “Petya” infections. Keeping Windows up to date, at the very least by installing March’s critical patch MS17-010, will defend your system and also protect against future attacks with different payloads.

Organizations need to be aware of how threats reach them through gaps in their infrastructure, unsafe application updates, or infected web adverts. Here are some measures that you can take to protect your organization from Petya and similar attacks:

  1. Install the latest Microsoft patches, including MS17-010, which patches the SMB vulnerability.
  2. Ensure that your anti-virus software is updated. Vendors release updates as samples of new malware are analysed.
  3. Back up the files stored on your local disks.
  4. Prevent users from writing data outside of designated areas on the local hard disk to prevent data loss if an attack occurs.
  5. Restrict who has local administration access.
  6. Educate your employees to remain vigilant when opening attachments or clicking on links from unknown sources.
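
As an added example (not from the original article or from Sysfore), the PowerShell below audits measures 1 and 5 on a single Windows machine. It assumes Windows PowerShell 5.1 or later; the function names and the default allowlist entry are hypothetical and should be adapted to your environment.

```powershell
# Added example: local audit for checklist items 1 (patching) and 5 (local admins).
# Assumption: Windows PowerShell 5.1+, run from an elevated prompt.

# MS17-010 was released on 14 March 2017. If no update was installed on or
# after that date, the fix cannot be present. A later date does NOT prove it
# is present; confirm against your patch-management records.
$Ms17010Release = [datetime]'2017-03-14'

function Get-PatchRecency {
    # Some hotfix entries carry no install date, so filter those out first.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        LatestHotFix    = $latest.HotFixID
        InstalledOn     = $latest.InstalledOn
        PredatesMs17010 = (-not $latest) -or ($latest.InstalledOn -lt $Ms17010Release)
    }
}

function Get-UnexpectedLocalAdmin {
    param(
        # Hypothetical allowlist: accounts and groups that are approved to
        # hold local administrator rights on this machine.
        [string[]]$Expected = @("$env:COMPUTERNAME\Administrator")
    )
    try {
        # S-1-5-32-544 is the well-known SID of the built-in Administrators
        # group, so the lookup works regardless of the Windows display language.
        Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
            Where-Object { $Expected -notcontains $_.Name } |
            Select-Object Name, ObjectClass, PrincipalSource
    }
    catch {
        Write-Warning "Could not enumerate local Administrators: $($_.Exception.Message)"
    }
}

Get-PatchRecency
Get-UnexpectedLocalAdmin
```

Any row returned by `Get-UnexpectedLocalAdmin` is an account with local administrator rights that is not on the allowlist and should be reviewed.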

TACKLE THIS THREAT WITH SYSFORE

Need more help? Are there infected systems in your network? Contact us today!

Sysfore can help you identify vulnerable and attack-prone systems in your network and help you protect them with security measures and available patches. We can also advise you on how to implement data backup and recovery solutions to keep your data safe and secure in situations like this.

Sysfore is a full-service application engineering solutions provider for enterprises. We are a Microsoft Gold Partner on the Azure Platform, and an AWS Cloud Partner. We build applications for enterprise clients using the best of cloud, mobile, and responsive web technologies. We serve a global client base, offering Consulting, Technology and Managed Services. Sysfore has more than a decade of experience in application engineering on the Microsoft .NET platform and on the open source technology stack.
