What is Petya? How to Protect Against Ransomware?
What is Petya?
Petya ransomware is part of a new wave of ransomware attacks that has hit computer servers all across Europe, particularly in the Ukraine and Russia. It is hijacking computer data, infecting and encrypting all the user’s files and displaying messages demanding a Bitcoin ransom worth $300. With most ransomware strains, victims who do not have recent backups of their files are faced with a decision to either pay the ransom or kiss their files goodbye.
This new strain has worked its way around the world at alarming speed. The ransomware spread using a vulnerability in Microsoft Windows that the software giant patched in March 2017—the same bug that was exploited by WannaCry. Microsoft released a patch for the EternalBlue exploit, but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May, and may still be vulnerable. The first to be hit were government and financial institutions in the Ukraine; from there the outbreak metastasized to about 2,000 computer systems around the world.
How to Protect Against Petya
Luckily, there are various safeguards you can take to protect yourself and your clients from Petya.
Patch, Patch, Patch
I feel like a broken record on this because people have been saying it for years, but the best way to protect against these attacks is to stay as up to date as possible with patches and to educate your users. Petya, like WannaCry and so many other attacks, relies on missing patches to infect systems and propagate to new ones. However, Petya went one step further by having the ability to propagate to fully patched systems once it got into your environment. This means that a single, low-value system missing a patch can serve as an entry point and allow the ransomware to infect fully patched, higher-value systems. In the end, patching is only as good as your weakest link—meaning companies need to be more vigilant than ever when patching their systems.
Realize the Difference Between Owning Security Tools and Using Them
The reality of both Petya and WannaCry is that even if you weren’t patching, basic security tools that most organizations own—such as antivirus and other endpoint protection tools—would have prevented any damage from these attacks. So how did so many organizations get impacted? The answer is simple: they, like many organizations, lacked adequate management of their security tools.
Investing in security tools is a great step towards securing yourself, but realize that installing these tools without any ongoing management is like owning a car you never fill up with gas. It might look good in your driveway but it isn’t able to do what it was designed to do.
Understand the Limitations of Basic Protection Tools
These attacks are a scary reminder of the changing threat landscape—one that is especially impacting small- and medium-sized businesses (SMBs). SMBs used to be able to safely assume that the advanced attacks would be focused on large corporations and governments because there wasn’t enough to gain using these mechanisms against them. However, with these recent attacks they need to realize how that reality has shifted.
These attacks take a volume-based approach: getting small amounts from lots of people rather than large amounts from a single company. They use very powerful exploits, created by government intelligence agencies, to mount broad-based, unfocused attacks that are just as likely to cripple a mom-and-pop shop as a multinational bank.
While antivirus and firewalls are incredibly effective in reducing risk, businesses need to begin to think about increasing the security solutions they have in place. Given this new landscape, SMBs can turn to providers such as FibreFly to put technologies in place that detect and respond to threats and breaches after they penetrate defenses but before they have a chance to do harm. Additionally, businesses must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backups as the ultimate failsafe against successful attacks.
This Petya ransomware outbreak is yet another reminder that the threat landscape is ever evolving and growing more sophisticated. While there are many unknowns, there are some basic that will protect your business