Petya Ransomware Attack

In just the last 24 hours, a new and vicious cyber-attack has spread across the globe and continues to pick up speed.

Dubbed “Petya”, this latest ransomware attack targets a Microsoft vulnerability previously exploited by WannaCry, and possibly several other vulnerabilities in internal systems.

Petya has taken out power grids, ATMs, airports, and metro systems, a hospital system in Pittsburgh, an international logistics company, and major Russian oil and steel producers so far.

According to NPR, security experts in Ukraine, currently reported as the hardest-hit country, are advising Ukrainians to turn their computers off for the time being until the issue is resolved.

Other countries affected include Poland, Russia, Italy, the UK, the Netherlands, Germany, France, and the United States. Even New Jersey-based Merck & Co. reported being hit Monday.

Paying For Access

How does ransomware work?

In this case, users are locked out of their computers, their files are encrypted, and a “ransom note” appears on the screen, demanding $300 in bitcoin in order to regain access to the machine.

It has yet to be determined if paying the ransom works.

WannaCry All Over Again

Petya has many similarities to WannaCry, the global ransomware attack that started in early May 2017.

WannaCry spread like wildfire, affecting over 150 countries around the globe in just three days and has not yet been stopped. Just this week, one of Honda Motor Company’s plants in Japan was hit.

It appears as though both WannaCry and Petya used the same Eternal Blue exploit that was identified by the National Security Agency (NSA) some time ago.

The NSA initially chose to withhold knowledge of the vulnerability from Microsoft, leaving millions of systems across the globe an easy target.

Hackers compromised some of the NSA’s files and released the information to a global hacking network back in April 2017.

Once they were aware of the issue through the leaked documents, Microsoft released a patch immediately, but many people, corporations, and governments still have yet to perform the update.

Microsoft’s President and Chief Legal Officer Brad Smith issued a statement at that time warning against, “…the stockpiling of vulnerabilities by governments.”

How to Protect Yourself

Not only did Microsoft release patches to protect against attack once they were made aware of the vulnerability, they’ve put together a full post describing how to protect yourself and your network in response to the initial WannaCry cyber attack.

Included in this post is the recommendation, “…to further protect against SMBv1 attacks, customers should consider blocking legacy protocols on their networks…” which addresses the issue networks are facing currently with the Petya ransomware attack.

Make time to download updates as they occur; ensure that your software and security patches are always up-to-date. Furthermore, be suspicious about unsolicited files.

If you receive a link from someone, make sure you know where it came from. Be vigilant. And don’t forget to back up your files regularly on an external hard drive.

Bottom line: It’s imperative to stay on top of updates and patches in order to stay secure.