A new strain of Petya ransomware, like the global WannaCry ransomware strike in May that affected Cook County, Ill., is using an EternalBlue exploit to spread, according to Symantec. Even if your organization has patched against it, the virus can still spread.
“Recent ransomware campaigns like WannaCry and Petya have shown the world that there is no substitute for mature multi-layered security solutions and practices. Attacks impacting one’s personal or business information occur without warning and often cause irreversible damage,” said Vikram Thakur, Symantec Security Response technical director.
Petya ransomware, aka Golden Eye, has struck more than 65 nations, according to National Public Radio. The ransom is a $300 bitcoin payment to retrieve stolen data. The highest number of targets are affecting the Ukraine.
The executable worm schedules a reboot, providing time to allow for it to spread to other computers in a network before an individual computer’s user-mode encryption occurs. The Petya ransomware overwrites and encrypts master boot records.
Once the program completes file encryption on an individual computer, the following message appears:
Thakur prepared the following list of actions to help EfficientGov readers prevent Petya ransomware and similar attacks, before they happen:
- Use mature end to end integrated security solutions
- Update operating systems and applications as frequently as the business allows
- Segregate organizational networks based on business functions
- Employ the principle of least privilege by allowing users access only to the information and resources that are necessary for legitimate business purposes
- Backup information considered critical to business continuity including offsite or offline methods (cloud services or media which is not persistently connected)
- Conduct periodical tests to ensure functionality and integrity of backed up data
Most cybersecurity officials advise against paying. The Petya bitcoin account had already received more than $10,000 by the time of NPR released its report.