PETYA RANSOMWARE ATTACK !! HOW TO BE SAFE FROM IT ? || COMPLETE DETAILS
After the massive "WannaCry" ransomware attack, hackers have come up with new ransomware named 'PETYA'. The PETYA ransomware doesn't encrypt all the files on a PC like WannaCry; instead it encrypts the most important files that run the operating system. More details are below.
========================Where did it start?===============================
The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian Cyber Police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. A second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.
================How does the ‘Petya’ ransomware work?=====================
The ransomware takes over computers and demands $300, paid in Bitcoin. Once a computer is infected, the malicious software spreads rapidly across an organization using the EternalBlue vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry”, said Ryan Kalember, of cybersecurity company Proofpoint.
======================Is there any protection?===========================
Most major antivirus companies now claim that their software has been updated to actively detect and protect against ‘Petya’ infections: Symantec products using definitions version 20170627.009 should, for instance, and Kaspersky also says its security software is now capable of spotting the malware. Additionally, keeping Windows up to date – at the very least through installing March’s critical patch defending against the EternalBlue vulnerability – stops one major avenue of infection, and will also protect against future attacks with different payloads.
For this particular malware outbreak, another line of defence has been discovered: ‘Petya’ checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
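One way to check for and apply the perfc.dat "vaccine" on a Windows machine, as an added example that is not part of the original post or its source. The function names Get-PerfcVaccineState and Set-PerfcVaccine are made up for illustration, and the script assumes an elevated PowerShell prompt, since writing to C:\Windows needs administrator rights.

```powershell
# Added example: audit and apply the read-only perfc.dat marker described above.
# Function names are illustrative; run from an elevated PowerShell prompt.

function Get-PerfcVaccineState {
    param([string]$Path = 'C:\Windows\perfc.dat')
    if (Test-Path -LiteralPath $Path -PathType Container) { return 'IsDirectory' }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return 'Missing' }
    # -Force so the file is found even if it carries the hidden attribute.
    $item = Get-Item -LiteralPath $Path -Force
    if ($item.IsReadOnly) { return 'ReadOnly' }
    return 'Writable'
}

function Set-PerfcVaccine {
    param([string]$Path = 'C:\Windows\perfc.dat')
    switch (Get-PerfcVaccineState -Path $Path) {
        'IsDirectory' { throw "$Path is a directory; inspect it by hand." }
        'Missing' {
            # Empty marker file: the post only says it must exist and be read-only.
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
            Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
        }
        'Writable' {
            # File already exists: leave its contents alone, only set the attribute.
            Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
        }
        'ReadOnly' { }   # Nothing to do.
    }
    # Re-read the state instead of assuming the change took effect.
    Get-PerfcVaccineState -Path $Path
}

$before = Get-PerfcVaccineState
$after  = Set-PerfcVaccine

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Before   = $before
    After    = $after
}

if ($after -eq 'ReadOnly') {
    # Same caveat as the text: the marker does not prevent infection or spreading.
    Write-Warning 'Marker is in place, but the machine can still be infected and spread the malware. Install Windows updates as well.'
}
```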
=========What should you do if you are affected by the ransomware?===========
The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine, as flagged by @HackerFantastic on Twitter.
If the system reboots with the ransom note, don’t pay the ransom – the “customer service” email address has been shut down so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup. Back up your files regularly and keep your anti-virus software up to date.
SO A TIP TO ALL MY FELLOW STEEMIANS: PLEASE DON'T DOWNLOAD UNNECESSARY FILES FROM UNKNOWN SOURCES, AND IF YOU ARE ATTACKED BY "PETYA", IMMEDIATELY TURN OFF THE PC. THAT WAY YOU CAN SAVE YOUR PC.
Source: - theguardian.com