Financial Self Defense

What You Need To Know About The Petya Attack


 
A massive cyberattack swept through Europe this week, throwing hundreds of businesses into chaos and confusion. The attack originated in Kiev, Ukraine, and quickly spread to the Middle East and the United States, affecting many types of businesses, hospitals and financial institutions. Ukraine was hit the hardest, with systems compromised at its central bank, its municipal metro, Kiev's Boryspil Airport and the Ukrenergo electricity supplier.

The damage the virus caused was widespread and severe. Maersk, the huge Danish shipping company, has reported systems down across multiple sites. The virus reached servers for Rosneft, the Russian oil company. Closer to home, the New Jersey-based pharmaceutical company Merck has reported substantial damage caused by Petya.

Here's what you need to know about Petya and how to protect yourself from future ransomware attacks:

1.) What is Petya?
Petya is a strain of ransomware. Like its predecessors, Petya encrypts the victim's computer, rendering it unusable unless the victim pays a ransom. Petya demands that $300 be paid to a static Bitcoin address, and that a Bitcoin wallet and installation key be emailed to a Posteo email address.

Sound familiar? It should. This virus comes hot on the heels of last month's WannaCry attack, which hit more than 150 countries across the globe.
In fact, the two attacks are eerily similar. A quick analysis of the virus by two separate firms confirmed that the new ransomware uses the same EternalBlue exploit harnessed by WannaCry. The exploit targets Windows' SMB file-sharing system, and was allegedly developed by the NSA and later shared by the Shadow Brokers hacking group. Microsoft has since patched this weakness, but many computers remain vulnerable.

Early reports identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is a new strain of ransomware, which it named "NotPetya." Later, the virus was officially dubbed "GoldenEye," and has since been interchangeably referred to as "Petya" and "GoldenEye."
Unfortunately, you don't need to be personally breached to be infected. You can be a responsible user, with updated security systems, and still be tricked into downloading malware through emails or even a shared Word document.

Though WannaCry affected hundreds of thousands of computers, it is amateurish when compared to GoldenEye. The newer ransomware not only encrypts crucial files, it ruins the victim's entire hard drive.

2.) Should I pay the ransom?
If your computer has been infected by GoldenEye, do not pay the requested ransom. As always, the demand for payment is merely a ploy to milk you for money. The attackers do not seem to have any intention - or any capability - of restoring an encrypted computer to its original state. If you pay the ransom, you won't see your money, or your files, again. To make it even worse, you will mark yourself as an easy target for future attacks.

3.) Who is behind Petya?

The origins of the attack are still unclear, but the involvement of Ukraine's electric utilities, and the fact that approximately 60% of Petya's damage was concentrated in Kiev, cast heavy suspicion on Russia.
The bigger question, though, is why the attack was carried out. Usually, ransomware has one objective: to make big bucks for the cybercrooks behind the attack. The creators of Petya, though, do not seem intent on raking in the dough. The virus has proven to be incapable of decrypting infected machines, discouraging ransom payouts. Also, Petya has an outrageously complex payment system, based on a single email address, which was shut down almost immediately after the virus went public. At last count, the Bitcoin wallet associated with the attack had netted only $10,000 - a woefully meager payout by ransomware standards.

This raises the uncomfortable question: What if money wasn't the point? What if the attackers just had a political agenda? As of now, there are no answers, only questions.

4.) Is there a fix?
Unfortunately, at this time, there is no complete fix for the ransomware. There is a way to block GoldenEye, but it won't shut down every infection. Experts have determined that it is impossible to find a killswitch for Petya, like there was for WannaCry.

5.) How can I protect myself from future attacks?
Perhaps the most disturbing factor in this attack is its resemblance to WannaCry - and the reality that the two attacks struck just weeks apart.

WannaCry should have been sufficient motivation for people to strengthen their computers' protection. Unfortunately, though, it appears that most people read about the attack and went on with their lives.
In the wake of the WannaCry panic, Microsoft released special patches to protect outdated computers from the NSA exploits. And yet, according to Avast, an antivirus company, 38 million PCs scanned last week still had not patched their systems.

Don't be the next victim!
Protect your computer by updating your security systems to the latest versions.

Remember: If you use an older OS, you are more vulnerable to attacks; be sure to use the Microsoft patch to keep your computer safe.
Also, make sure your antivirus software is updated regularly; many antivirus companies have also released patches to block Petya and this latest version of the virus.

Finally, use caution. Back up your computer on an external hard drive regularly. Be wary about opening unfamiliar emails and never download anything you can't explain.

With a bit of precaution and a lot of protection, your computer will be safe from all malware attacks.

Your Turn: Did you take any action after last month's WannaCry attack? Why, or why not? Share your take with us in the comments!
