Petya Ransomware Hits South Africa 

 

Just as IT managers the world over were exhaling after the Wannacry ransomware outbreak, the world has been hit with a new attack in the form of Petya.

Originally circulated in 2016, this latest malware is an offshoot of Petya but with stronger encryption, the new version has been dubbed “NotPetya” or “GoldenEye,” with some still referring to it as “Petya.”

This viscious strain is targeting countries including the United States, South Africa and the United Kingdom. Petya has already infected 2000 targets including global corporations like Maersk, Merck, and organisations in the Ukraine where it seems to have originated.

Get the Cibecs Ransomware Protection Toolkit

 

The attack appears to have been originally deployed through an automatic software update feature built into an accounting program. Like WannaCry, Petya uses EternalBlue, a hacking weapon developed by the NSA and leaked online.

While both strains have used the same weapon, it looks like Petya is harder to stop. According to Bogdan Botezatu, a researcher at Bitdefender,  “The quality of the code improves from iteration to iteration—this GoldenEye ransomware is pretty solid.”

Educate your Users on how to Protect themselves from Malware

 

Wannacry contained a kill switch in the form of a badly coded feature meant to help the program avoid analysis, unfortunately, the latest version of Petya does not seem to have something like this. What makes Petya so dangerous is that it does not rely solely on EternalBlue to access systems, it can also deploy other infection options as well. For example, through the software update feature of a Ukrainian program called MeDoc, and most concerning, possibly through Microsoft Word documents laced with malicious macros.

This ransomware also uses the leaked NSA exploit known as EternalRomance for remote access and may be using EsteemAudit, to target computers running Windows XP and Windows Server 2003. Microsoft.

How Prepared are you for a Ransomware Attack? Take the test

 

Once Petya has access to the network, it steals administrative credentials, to give it control over system management tools like Windows PsExec and Windows Management Instrumentation. With enough administrative privileges, it can instruct all other PCs it has access to, to run the malware.

South Africa’s 702 Radio Station reported this morning that businesses are being attacked when powering up their computers they were shown the screen below.

Petya ransomware, also know as GoldenEye

ransomware requires a Bitcoin payment for victims to access the decryption key, however, the email address used to communicate with the attackers has been suspended, meaning that even if a ransom is paid there is no way for victims to get the decryption key and regain access to their data.

“We didn’t even consider paying the ransom” Read how NJR Steel beat ransomware

 

While Petya is not seeing nearly as many casualties as WannaCry, do not be fooled, the attack seems to be more intentional in its targets and it is at this point extremely difficult to stop. Take steps now to protect your business and data against this ransomware.

 

Protecting Your Data Against Petya: Six Practical Steps to Take

 

Unfortunately, the diversity of deployment options means that a single patch can’t provide protection against Petya. However, IT managers and administrators can protect their network from Petya with these steps outlined in our free Checklist PDF. The PDF of Petya Ransomware Protection steps includes:

  • How to be able to completely recover users data without paying the Ransom
  • What files to stop from running
  • What Microsoft protections you should be employing
  • How to educate your users and better protect your business computers from Malware.

Get the Free Petya Protection Checklist: 6 Steps to Protect Your Business from Petya

 

FEATURED POSTS
Two ways technology is bad for your employees

Using technology to make a business more efficient and effective is vital to the growth and sustainability of the organisation. However, while it can make a business more efficient, it’s essential to remember that technology can also create an unfriendly workplace and even prevent users from getting work done. Speed of Work Technology helps to…

4 Signs You Need a New Endpoint Data Backup Solution

With more workers depending on laptops it is more important than ever to ensure that the work protected and stored on those devices is backed up and protected. Forrester Research says that 45% of corporate executives don’t follow policies for data use and handling. Underlining how at risk almost half of a business’s data actually…

CIO and compliance

The Chief Information Officer (CIO) plays a crucial part in assisting with compliance within organisations. The IT department provides technology resources and skills that are needed by corporate compliance officers when conducting projects that assist in keeping their company in line with laws and regulations. The problem is that compliance officers often have to rely on other departments…

Discover how easy endpoint data protection can be