Petya ransomware is a part of a new wave of cyber attacks that has hit enterprise networks across the world. Ukraine and Russia are the worst affected, though the attack has also impacted some companies in other Western European countries, US and India.
Researchers are calling Petya a wiper and not a ransomware. The aim of this wiper being mass destruction of data and not collection of money from victims and enterprises. This was first reported by Matt Suiche, founder of the cyber security firm Comae. You can read his detailed blogpost on Medium (blog.comae.io) explaining why Petya is a wiper, not a ransomware. Cyber security firm Kaspersky has also come to the same conclusion.
What is the difference between a Wiper and a Ransomware?
A wiper and a ransomware differ in their intent and motive. The goal of a wiper is to destroy and damage data, excluding any possibility of restoration whereas the goal of a ransomware is to make money and it can restore the modifications it makes on your system.
How to protect your organization against it?
Common delivery methods for such malwares are via phishing emails or scams and the payload requires local administrator access to execute. Most major antivirus companies like Symantec and Kaspersky claim that their software has been updated to actively detect and protect against “Petya” infections. Keeping your Windows up to date – at the very least by installing March’s critical patch MS17 – 010 – will defend your system and also protect against future attacks with different payloads.
Organizations need to be aware of how threats affect their organizations through gaps in their infrastructure, unsafe application updates, or infected web adverts. Here are some protective measures that you can take to protect your organisation from Petya and similar attacks:
Install the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability.
On May 12th, 2017, the world was hit by a cyber-attack that caused chaos and panic among organizations and people alike. So far, more than 200,000 computers in 150 countries have been affected, with victims including hospitals, banks, telecommunications companies and warehouses.
WannaCry, Wanna Decryptor, WannaCrypt – whatever it’s referred to as, is by and large the same bitcoin-demanding beast. In this article, we explain everything we know about the ransomware that has been raking havoc globally and how you can safeguard yourself against this threat.
WHAT IS WannaCry RANSOMWARE?
WannaCry is an encryption-based ransomware that encrypts files on a system with AES and RSA ciphers. This means the hackers can directly decrypt the files on an infected system using a unique decryption key.
Once WannaCry ransomware infects a system it creates encrypted copies of specific file types before deleting the originals. The victims are then left with encrypted copies, which can’t be accessed without a decryption key. Additionally they increase the ransom amount, and threaten loss of data over time, creating a sense of urgency, greatly improving their chances of getting paid by the victims. Read more →
Due to a massive increase in the Cyber Threats like “RANSOMWARE“ & “RANSOM-DDOS“, we would request you to be cautious while browsing the internet for the next two to three days and avoid opening unwanted links. A global ransomware threat is affecting Windows systems, and this has brought down computer systems in nearly 74 countries around the world. Once affected, data recovery from the infected system is almost impossible.
India tops the list of affected countries by Ransomware threat
According to anti-virus provider Kaspersky, there were at least 45,000 attacks in 74 countries, Reuters reported. The numbers were an initial estimate and were expected to go up.
India was among the three countries worst affected by the attack, however, there was no immediate information on which companies in India were affected by this cyber attack. Read more →