Major corporations, electricity providers, and government agencies around the world have been affected by a variant of the malware known as Petya. It even affected a chocolate factory.
At first, it was believed to be ransomware (when a hacker takes control of your computer in return for a ransom payment), because it freezes your computer and displays a ransom note on your screen. The note demands a payment of $300 in bitcoins in exchange for releasing the infected computer. The attack resembles that of the WannaCry ransomware, which affected more than 230,000 computers in more than 150 countries in May.
So, is it ransomware or not? Well, most likely not. The payment system that the hackers established is practically inoperative. They used only one address for bitcoin payments, which has already been canceled by the email provider. It is now believed that the ransomware is only a way to conceal malware that is designed to cause a lot of damage, particularly against the government of Ukraine. In addition to damaging the information on a computer, Petya also contains a Trojan virus that steals the usernames and passwords of its victims.
It is no longer really ‘Petya’
Petya, in fact, is the name of an earlier version of this malware. When key differences emerged, researchers gave it different names to label it as a new variant of Petya. Now they are calling it GoldenEye.
How to protect yourself from Petya malware?
There are two ways in which Petya/GoldenEye attacks a computer. “The virus attacks vulnerabilities in the Windows Server Message Block (SMB) service, which is used to share files and printers over a local network,” said David Sykes, the business security expert at Sophos. “Microsoft corrected that issue in its MS17-010 in March, but the vulnerability was key in spreading WannaCry last month. The new Petya variant can also be propagated using a version of the Microsoft PsExec tool along with the Administrator credentials of the attacked computer.”
These problems have been corrected, but some people have not downloaded the patch, so the malware is still spreading. The first line of defense is to make sure you have the latest version of Windows: if you have automatic updates turned on, you do not have to do anything else. These updates should already be installed on your computer.
But if you do not have automatic updates enabled, then you can download the security updates here:
- Windows 8 x86
- Windows 8 x64
- Windows XP SP2 x64
- Windows XP SP3 x86
- Windows XP Embedded SP3 x86
- Windows Server 2003 SP2 x64
- Windows Server 2003 SP2 x86
Windows has a download page for all versions here.
Now, make sure your antivirus software is up to date as well. Most antivirus vendors already have updates that block Petya and this new variant.
Finally, you must take daily precautions. Sykes recommends backing up your computer information frequently and saving a copy somewhere else offline. And do not open email attachments unless you know who they are from and are expecting them.