How to Protect your Business from Petya Attack

Published On : 2017-06-29

The past two months have shaken a world that believed interconnectivity could be risk-free. Millions of dollars of investment directed towards the development of connected devices and solutions have come to a standstill as companies around the world were caught off-guard by multiple ransomware attacks. Just when we thought the proliferation of the Internet of Things (IoT) promised users a secure and well-connected future of business growth, dozens of multinational companies were hit by the WannaCry ransomware. That first attack affected thousands of IoT devices and computing systems, spreading like an uncontainable virulent disease. Things didn’t stop there: the global computing grid was recently hit by another lethal ransomware called Petya (its current variant is also dubbed NotPetya). The Petya attack is turning out to be an even larger global catastrophe than WannaCry, testing the credibility of the world’s leading cybersecurity forces.

These two back-to-back global cyberattacks have shown that safeguarding a business is likely to be an uphill struggle in the years ahead. Petya, the malicious software, has reportedly spread across large firms and corporate networks, including the advertising firm WPP, the legal consultancy DLA Piper, the food company Mondelez, and the Danish shipping giant Maersk. Like WannaCry, Petya is rapidly spreading through business networks that run Microsoft Windows operating systems. It takes over computers and demands a ransom of US$ 300 in Bitcoin in exchange for the decryption keys that release the blocked (encrypted) data. Following the global attack of June 27, major antivirus companies are claiming that their updated offerings can protect business networks against Petya infections.

Symantec and Kaspersky – the “Alleged” Petya Slayers

Rising to the challenge, the California-based software company Symantec Corporation has updated its existing antivirus and cybersecurity products. Symantec claims that the updated software actively detects the malware and can protect Windows systems from recurring Petya infections. Its Russian counterpart, Kaspersky, also claims to have developed anti-malware software that can detect Petya’s encryption activity before infection takes hold; however, its ability to protect Windows systems after an attack is still under trial. Infected businesses must now decide whether to adopt such underdeveloped solutions or to keep looking for an ultimate fix for Petya.

Can we make our Windows PCs Petya-proof?

Little did we know that Microsoft had released a security patch in early 2017 that is critical for averting malware entering through the Windows vulnerability exploited by EternalBlue. EternalBlue, a computer security exploit believed to have been developed by the US National Security Agency, has been a key gateway for the attackers behind WannaCry and Petya. By abusing flaws in Windows’ Server Message Block (SMB) protocol, this exploit has spread the Petya infection across large networks of connected computers. As a preventive measure, companies can update their Windows operating systems with the patch, which closes this vulnerability and shuts one major route for Petya infestation. The same patch also protects against future attacks that deliver different payloads through this vulnerability.
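The paragraph above recommends patching the SMB vulnerability; in practice an administrator also wants to confirm the patch state and the exposure of the SMB service on each host. The following PowerShell is an added example, not code from the original article: it checks whether the legacy SMBv1 server component (the one EternalBlue targets) is still enabled and turns it off, checks for an installed update, and lists the inbound firewall rules that allow TCP/445. It assumes an elevated session on Windows 8 / Server 2012 or later, and the `$KBNumber` value is a placeholder that must be replaced with the update id for the OS build in question, since the article does not name one.

```powershell
# Added example, not code from the original article: audit and reduce the SMB
# exposure that the EternalBlue exploit relies on. Run in an elevated PowerShell
# session on Windows 8 / Server 2012 or later (the SmbServerConfiguration cmdlets
# are not available on Windows 7). Everything here is a defensive check.

param(
    # Placeholder, not from the article: the KB id of the SMB security update for
    # this OS build, as listed by Microsoft or your patch-management system.
    [string]$KBNumber = 'KB<placeholder>'
)

# 1. The legacy SMBv1 server component is what EternalBlue targets. Report its
#    state and turn it off if it is still on (clients then negotiate SMBv2/3).
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning 'SMBv1 server protocol is ENABLED on this host.'
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMBv1 server protocol has been disabled.'
} else {
    Write-Output 'SMBv1 server protocol is already disabled.'
}

# 2. Confirm the SMB security update is installed. Get-HotFix enumerates installed KBs.
if ($KBNumber -match '^KB\d+$') {
    if (Get-HotFix -Id $KBNumber -ErrorAction SilentlyContinue) {
        Write-Output "$KBNumber is installed."
    } else {
        Write-Warning "$KBNumber is NOT installed; deploy it through Windows Update or WSUS."
    }
} else {
    Write-Warning 'Set -KBNumber to the SMB update id for this OS build to check patch state.'
}

# 3. List enabled inbound firewall rules that allow TCP/445 (the SMB port), so any
#    unnecessary exposure of the service can be reviewed and removed.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, DisplayGroup, Profile
```

Disabling SMBv1 complements the patch rather than replacing it: the update fixes the flaw, while removing the legacy protocol shrinks the attack surface if a host is missed by patching. Run the script through your configuration management tooling so the output can be collected from every host rather than inspected one machine at a time.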

Another line of defence against Petya has emerged from recent research. It has been discovered that the malware checks for the presence of a read-only file, C:\Windows\perfc.dat. If this so-called “antidote” is present on your system, the ransomware will not run its encryption process and is therefore unable to block your data in the first place. This countermeasure, however, is a temporary fix rather than a cure-all; the Petya malware is likely to continue to gain a foothold through other avenues.
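As an added example (not from the article or from any vendor tool), the following PowerShell creates the marker file at the path the article names, sets it read-only, and reports the result as an object so the check can be collected from many hosts. It assumes an elevated session, because the Windows directory is not writable by standard users.

```powershell
# Added example, not code from the original article: create the read-only
# C:\Windows\perfc.dat marker described in the article and verify it.
# Run from an elevated PowerShell session.

$marker = Join-Path $env:SystemRoot 'perfc.dat'

if (-not (Test-Path -LiteralPath $marker)) {
    # A zero-length file is enough; the article says the malware only tests for presence.
    New-Item -Path $marker -ItemType File | Out-Null
}

# Mark the file read-only so it is not casually deleted or overwritten.
Set-ItemProperty -LiteralPath $marker -Name IsReadOnly -Value $true

# Verification record: emit path, size and attribute for central logging.
$file = Get-Item -LiteralPath $marker
[pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    Path         = $file.FullName
    ReadOnly     = $file.IsReadOnly
    SizeBytes    = $file.Length
}
```

Deploy it as a Group Policy startup script or through configuration management so every host gets the marker, and keep treating it as the stopgap the article describes: patching and backups remain the primary controls.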

And if you are considering the last resort, paying the ransom, be aware that it won’t do any good either. The email address given in the ransom note has been shut down by global cybersecurity agencies after it was observed that users who paid were provided with decryption keys that formatted their operating systems altogether. If a machine reboots and you see the ransom message, it is advised to immediately power off the computer to stop the encryption process; files and data will be unharmed if Petya is unable to complete its encryption. After that, all you need to do is disconnect the system from the internet, reformat the hard drives, and restore the data from a backup.

In the wake of these ransomware attacks, there has been a considerable surge in the adoption of secure, real-time data backup solutions that can regularly safeguard large volumes of data across vast business networks. Meanwhile, companies that fell victim to WannaCry and Petya are bitterly regretting their inability to back up their data effectively and regularly.