DefinIT Insights

Petya, NotPetya, Ransomware, and You - What You Need To Know?

cyber attackers firewalls techspert services

Another wave of ransomware scare has hit the Internet. Should you be concerned?

Yes.  The short answer is yes, anytime you hear news of another cyber threat, you should be concerned.  But not frantic.  Here’s why.

What Are Petya and NotPetya?

Petya is another piece of ransomware (i.e. a program that takes a computer “hostage”, usually by encrypting its data). When a system is infected with Petya malware, the master boot record is infected and the file system is encrypted. Victims were told to pay a certain amount into a Bitcoin account to get access back.

NotPetya is another piece of malware that has a more destructive purpose. Although it resembles Petya (and attacks the same vulnerability that sparked WannaCry and its related programs), it apparently irrevocably destroys data rather than encrypting it. For more details, see this Guardian article.

Am I At Risk?

Petya and NotPetya target Windows operating systems that haven’t been secured against the EnternalBlue exploit. Microsoft released a patch for this problem in March 2017; May’s WannaCry attacks raised awareness of the problem, so hopefully all Windows systems from Vista on up (and Windows Server 2008, 2012, and 2016) have already applied the patch.

That being said, many companies have been affected by Petya and NotPetya. These include large corporations in France, Denmark, Ukraine, and Russia, as well as Pittsburg’s Heritage Valley Health System and FedEx. Ports in Los Angeles, Mumbai, and Rotterdam were also affected.  [Source:  Reuters]

Like WannaCry, Petya and NotPetya can spread from one computer to all Windows devices on a network.


How Do I Stay Safe?

Follow the plan laid out in the Techsperts Talks article What to Do When You Hear About a Cyber Attack.  Of course, backing up your data daily or at least weekly also helps.