The world woke up on the 28th June to the news of a second global ransomware attack, following the WannaCry attack that took place less than six weeks ago and affected over 230,000 computers in 150 countries, including the UK’s National Health Service. We will refer to this attack as the ‘Petya’ ransomware attack, as very little is known about it at this point besides its slight resemblance to an earlier attack of the same name. This attack caused malicious software to spread through multiple large firms across Europe and the USA, including advertising giant WPP, food producer Mondelez, law firm DLA Piper and Danish shipping company Maersk.
What is ransomware and how does it work?
Ransomware is a type of malware that effectively holds computers and data to ransom by blocking access and demanding a fee to be paid before releasing them. It typically does this by encrypting important documents (in the WannaCry case this was done by changing the file names) and requesting a lump sum of money to be paid in Bitcoin for the digital key that is needed to unlock the files.
What is Petya Ransomware?
Early news stories of the attack dubbed the ransomware worm ‘Petya’ because on the surface it seemed to share similar code with a previous piece of ransomware, although many, including Kaspersky Lab, now believe it to be a “new ransomware that has not been seen before,” which led them to refer to it as ‘NotPetya’.
What can you do to defend yourself against such ransomware attacks?
First things first, you should always make sure that your Windows computers have installed the latest updates, as they often have security patches that help defend against attacks like these. You can check whether you have the latest patch using the Control Panel (Windows 7) or Windows Settings (Windows 8, 8.1 or 10).
You should also ensure that you are running some form of antivirus software. First indications are that this attack was detected by many antivirus brands, including Avira, Bitdefender, McAfee, Norton and many more.
Another important thing to remember is not to use a personal Windows machine to connect to your organisation’s network using a VPN. The Windows security updates will not entirely protect machines on enterprise networks.
If you do become the unfortunate victim of a ransomware attack, do not pay the ransom. It’s likely that it won’t result in your files being decrypted anyway and, in the case of the Petya attack, the email listed on the ransom note has already been suspended. Your best bet is to disconnect from the internet, reformat the hard drive and reinstall your files from a backup.
How a stringent auditing strategy could be the answer
There are many ways in which a continuous and proactive auditing strategy can help to detect and prevent the spread of ransomware in your critical files and folders. Having a third-party solution that can spot anomalous change activity taking place over a short space of time, or detect when sudden permission changes are taking place, with real-time alerts and reports, can help you spot the symptoms of ransomware before it becomes a problem. For more info on how LepideAuditor can help you fight ransomware, click here.
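To make the idea of spotting anomalous change activity in a short space of time concrete, here is an added example (not LepideAuditor's logic and not code from this article) of a sliding-window check over file audit events. The event layout, action names, sample data and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

T0 = datetime(2017, 6, 28, 9, 0, 0)  # constructed start time for the sample data


def sample_events():
    """Constructed audit events: (timestamp, user, action, path)."""
    ev = [(T0 + timedelta(minutes=5 * i), "alice", "modify", f"/share/hr/report{i}.docx")
          for i in range(3)]                      # normal, slow editing
    ev += [(T0 + timedelta(minutes=20, seconds=i), "bob", "modify", f"/share/finance/f{i}.xlsx")
           for i in range(12)]                    # 12 files rewritten in 12 seconds
    ev += [(T0 + timedelta(minutes=30, seconds=2 * i), "carol", "perm_change", f"/share/legal/d{i}")
           for i in range(3)]                     # sudden permission changes
    ev.append((T0 + timedelta(minutes=40), "alice", "read", "/share/hr/report0.docx"))
    return ev


def detect_bursts(events, window=timedelta(seconds=60), modify_limit=10, perm_limit=3):
    """Alert once per (user, action) when distinct paths touched inside
    the sliding window reach the limit. Thresholds are assumptions to tune."""
    limits = {"modify": modify_limit, "perm_change": perm_limit}
    recent = defaultdict(deque)   # (user, action) -> (timestamp, path) still in window
    alerted, alerts = set(), []
    for ts, user, action, path in sorted(events):
        if action not in limits:
            continue              # reads and other actions are not counted
        key = (user, action)
        q = recent[key]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()           # drop events that fell out of the window
        distinct = {p for _, p in q}
        if len(distinct) >= limits[action] and key not in alerted:
            alerted.add(key)
            alerts.append({"user": user, "action": action,
                           "files": len(distinct), "window_start": q[0][0]})
    return alerts


if __name__ == "__main__":
    for a in detect_bursts(sample_events()):
        print(f"ALERT {a['user']}: {a['files']} files '{a['action']}' "
              f"within 60s of {a['window_start']:%H:%M:%S}")
```

In practice the events would come from your file server's audit log, and the limits would be set from a baseline of normal activity for each share.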