The latest ransomware attack, which started out in Ukraine, affected multinational corporations from France, Denmark and the USA on Tuesday. Banks, government organizations and even Kiev airport in Ukraine were adversely affected by the cyberattack.
What are Petya and Nyetya all about?
The ransomware, initially named Petya by Kaspersky Lab, invaded companies like Maersk, Saint-Gobain, Merck and WPP on Tuesday. Hackers used an encryption program to lock down systems, after which they demanded that the victims pay a ransom of 300 dollars to receive a decryption key that would unlock their systems. The payments were made through Bitcoin, an online payment system.
Web security experts later found that the virus was not Petya. The ransomware was similar to Petya, but possessed altogether different string functionality. Kaspersky Lab redubbed the virus ‘NotPetya’, which later went on to be called Nyetya and other names. A Romanian web security company called the virus ‘Goldeneye’.
How does it work?
A ‘bigger and badder’ version of WannaCry, this latest Nyetya virus combines exploits of its predecessor. The EternalBlue and EternalRomance exploits take advantage of a vulnerability in the Microsoft operating system's implementation of the Server Message Block (SMB) protocol. This basically gives hackers access to the user’s files.
The virus usually spreads when users click on email attachments or shared links, since that is the most commonly used trick to unleash malicious code into systems.
“As ransomware also typically spreads via email, customers should exercise caution when opening unknown files,” a Microsoft spokesperson said.
How to protect yourself from the ransomware?
Installing an effective anti-virus program will serve as the first line of defence against such cyberattacks, since anti-malware software warns users about malicious software or file downloads.
Microsoft has released multiple patches (system updates) to fix the vulnerability. Therefore it is crucial that Windows OS users click on the following link and install the Microsoft Security Patch.
Data backup is another way to secure your files in case of such attacks. Users can copy important files and sensitive data to an external hard disk or a pen drive. This prevents file loss even if the system is infected.
What to do in case of infection?
Do not pay the cyber criminals. Previous reports suggest that some users did not get all of their data back. In certain cases, users have also not received the decryption key.
So in case of such an infection, users should immediately disconnect from the internet, which serves as a gateway for the hackers. Then the computer has to be shut down (manually); this kill switch helps stop the encryption code from spreading to other files. After the kill switch, users can reformat the system (which will wipe out all data) and install a fresh operating system.
Regular data backups and constant anti-virus updates will help users stay immune to further such attacks.
Users can also click on the following link to see real-time mapping of cyber threats around their area.