Following the recent WannaCry ransomware attack, a new variant leveraging Petya ransomware emerged globally on Tuesday, June 27, 2017 starting in the Ukraine and spreading to millions of potentially affected people around the world. Machines which are up-to-date with Microsoft updates and security patches has a low probability of exposure. Unfortunately, this attack includes the ability to leverage one vulnerable machine on a network and propagate to other machines that were actually current. This has been reported second major ransomware attack in two months.
The malicious software will reach to machine through attachment or from melicious websites. The ransomware infects computers and then waits for about an hour before rebooting the machine. Thereafter it will started encrypting files on the computer. The ransomware takes over machine and will demands $300 as ransom. This ransom is paid in Bitcoins. This is not clear yet who is behind it, but thinkers assume someone who wanted the malware to look like ransomware. It is also guessed that the motive of this attack is destructive against Ukrainian Government. Security researcher Nicholas Weaver told cybersecurity blog Krebs on Security that ‘Petya’ was a “deliberate, malicious, destructive attack or perhaps a test disguised as ransomware”. Pseudonymous security researcher Grugq noted that the real Petya “was a criminal enterprise for making money,” but that the new version “is definitely not designed to make money.
This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware’. The payment mechanism in the malware was inept to the point of uselessness because it has a single hard coded payment address, meaning the money can be traced. The requirement to email proof of payment to a webmail provider, meaning that the email address can be – and was – disabled; and the requirement to send an infected machine’s 60-character, case sensitive “personal identification key” from a computer which can’t even copy-and-paste, all combine to mean that “this payment pipeline was possibly the worst of all options (sort of ‘send a personal cheque to: Petya Payments, PO Box … ’)”
Steps once infected
Almost after one hour of infection Petya will reboot the computer. If you observe that you computer is infected, turn it off completely; Disconnect from Internet. Don’t think of paying ransome because the contact details provided may or may not be correct. Format your hard disk and reinstall operating system. Restore your files from backup.
Make sure you have genuine windows and all updates installed including all Microsoft security patches. Ensure good anti virus or Malware protection software is installed. Keep a good backup of important data. Don’t open attachment from unknown source. Understand well that nothing on internet is free now-a-days; everything comes packaged with something. Stay protected !!!!
All information above is based on web search and online authentic technical channels. Verify your self before acting in any way.