Petya ransomware is part of a new wave of cyber attacks that has hit enterprise networks across the world. Ukraine and Russia are the worst affected, though the attack has also impacted some companies in other Western European countries, the US and India.
Researchers are calling Petya a wiper and not ransomware. The aim of this wiper is the mass destruction of data, not the collection of money from victims and enterprises. This was first reported by Matt Suiche, founder of the cyber security firm Comae. You can read his detailed blog post on Medium (blog.comae.io) explaining why Petya is a wiper, not ransomware. Cyber security firm Kaspersky has also come to the same conclusion.
What is the difference between a Wiper and a Ransomware?
A wiper and ransomware differ in their intent and motive. The goal of a wiper is to destroy and damage data, excluding any possibility of restoration, whereas the goal of ransomware is to make money, and it can restore the modifications it makes on your system.
How to protect your organization against it?
Common delivery methods for such malware are phishing emails or scams, and the payload requires local administrator access to execute. Most major antivirus companies like Symantec and Kaspersky claim that their software has been updated to actively detect and protect against “Petya” infections. Keeping Windows up to date, at the very least by installing March’s critical patch MS17-010, will defend your system and also protect against future attacks with different payloads.
Organizations need to be aware of how threats affect them through gaps in their infrastructure, unsafe application updates, or infected web adverts. Here are some protective measures that you can take to protect your organization from Petya and similar attacks:
- Install the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.