  • Ken Kleiner

Petya malware learns some new tricks: thanks WannaCry!


There is a new villain on the prowl: the newly improved ransomware Petya, or PetyaWrap as it is often referred to. Very much like the latest variant of the flu, last season's vaccine isn't helping much.

THE ATTACK

Like the original strain, PetyaWrap can copy itself around your network, and then automatically launch those new copies without waiting for users to do anything; no need for anyone else to open an attachment, click a link or run an infected program. Like the GoldenEye ransomware, PetyaWrap encrypts your data files in such a way that only the attackers know the decryption key. You can’t unscramble the files without their help. Now there is a knockout punch too: after encrypting your data, PetyaWrap scrambles your disk down at the sector level. You can’t access your hard drive at all, even if you plug the disk into another computer.

THE DEFENSE

(1) Install all available operating system patches (Windows/Mac)

PetyaWrap borrows one of its attacks from WannaCry by trying to exploit a pair of critical Windows security holes that were stolen from the US National Security Agency (NSA). Most of us applied all of the operating system patches to secure this flaw when WannaCry broke out. Update and you have your first line of defense covered.

(2) Set users to STANDARD rather than ADMINISTRATOR

Secondly, PetyaWrap tries to spread using a popular Windows remote execution tool. Even if you don't have this tool on your computer, the malware has an embedded copy inside it just in case. This application only works if the user logged in has administrative rights. Yes, having admin rights for each user can save time when updating your software, but it creates a potential security flaw. By limiting the user's profile to standard mode, you can block this attack vector of sharing the virus across your network.
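To see which accounts on a Windows PC currently hold administrator rights, the following PowerShell audit can be run; it is an added example, not part of the original post, and it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets. The `Review` column is a label made up for this example.

```powershell
# Added example: audit who holds local administrator rights on this PC.
# Look the group up by its well-known SID so this also works on
# non-English Windows installs where "Administrators" is localized.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'
$members    = @(Get-LocalGroupMember -Group $adminGroup)

$report = foreach ($m in $members) {
    # The built-in Administrator account always has a SID ending in -500.
    $isBuiltIn = $m.SID.Value -match '^S-1-5-21-.+-500$'

    # Enabled state can only be read for local user accounts.
    $enabled = $null
    if ($m.PrincipalSource -eq 'Local' -and $m.ObjectClass -eq 'User') {
        $enabled = (Get-LocalUser -SID $m.SID).Enabled
    }

    [pscustomobject]@{
        Name    = $m.Name
        Type    = $m.ObjectClass
        Source  = $m.PrincipalSource
        Enabled = $enabled
        BuiltIn = $isBuiltIn
        # Flag every enabled, non-built-in member for a manual look.
        Review  = (-not $isBuiltIn) -and ($enabled -ne $false)
    }
}
$report | Format-Table -AutoSize

# Check the account running this script. With UAC, IsInRole() is only
# true in an elevated session, so direct group membership is tested too.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
    [System.Security.Principal.WindowsBuiltInRole]::Administrator)
$isMember  = $members.SID -contains $identity.User

if ($isMember) {
    Write-Warning "$($identity.Name) is a direct member of Administrators."
} else {
    Write-Output "$($identity.Name) is not a direct member of Administrators."
}
Write-Output "Current session elevated: $elevated"
```

Once a separate administrator account exists for installs and updates, a day-to-day account flagged here can be dropped to standard with `Remove-LocalGroupMember`, run from an elevated session.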

(3) Have a PLAN B

Lastly, have a backup plan so that if you get infected with the malware, you don't have to resort to paying the ransom. Always remember their business is getting you to pay the ransom, not necessarily fixing your computer with your decryption key. Criminals tend to focus more on getting paid than helping you recover the files. Recent backup copies of your documents and photos make the ploy of locking you out of your files much less intimidating. You can also go with a hosted email solution like Microsoft Office 365. This way, if your hard drive gets scrambled, you can still get to your email from any internet-connected device. A final task is to have a reliable malware application protecting your computer. A good PLAN B has at least one recent copy of your data, and a nice secure digital fence around your computer.

It wasn't that long ago that we would worry about one or two major malware alerts a year. Now we see a critical attack each month or less. Each generation tends to get more sophisticated in how to access your important data. A few careful, commonsense actions can help keep you safe.
