What is Petya? How to protect against the newest ransomware attack.
Yesterday afternoon, reports began to surface about a new series of cyberattacks from a ransomware virus called ‘Petya’. This comes just one month after the WannaCry ransomware ravaged IT systems across the globe, including the UK’s National Health Service (NHS).
For those who don’t know, ransomware is a form of malware which encrypts files on infected devices and then demands payment in Bitcoin for the affected user to recover them. And like the ‘WannaCry’ ransomware attack, Petya spreads rapidly through a network once infection occurs.
In this post, we’ll go over what you need to know about this new attack and how you can best protect your data.
Am I susceptible?
So far, the malware seems to affect only Windows-based devices. Since Windows makes up over three quarters of the operating system market, most users have the potential to be infected by the virus.
Because the Petya virus is delivered via email, weak email filtering policies increase the risk of malicious emails getting through to end users. Those unable to identify phishing and/or spoofed emails will be vulnerable to infection.
Ransomware attacks are also typically targeted to maximize damage and profit, so industries which place a high value on data must be especially vigilant. Financial services, health care, and manufacturing are the top three targeted markets today.
Users running outdated operating systems such as Windows XP and Vista are particularly susceptible as they are ineligible for software updates.
How can I protect myself?
Per IBM, 95% of malware attacks are a direct result of user error. One of the best ways to protect company data is to educate users on how to identify malicious emails. Keeping operating systems and anti-virus up to date also reduces the risk of infection due to bugs and other security holes.
Cyber threats can also be mitigated by deploying security processes that restrict risky behaviors, such as Exchange Advanced Threat Protection, which scans emails for malicious content.
How do I know if I am infected?
There are several telltale signs that a computer has been infected by ransomware:
- Files are missing, inaccessible or end with unfamiliar extensions
- Device inexplicably reboots and displays a drive repair warning
- Computer displays a “ransom note” demanding a fee be paid in Bitcoin
If you or a user in your organization experiences any of the above symptoms, turn the device off immediately and seek help from an IT professional.
Short of restoring from a backup, there is no way to regain access to your files. So far, no payments to cyber criminals responsible for the Petya attack have resulted in files being decrypted.
What is Microsoft doing to help?
As a leader in cyber security technologies, Microsoft has gone to great lengths to improve the security of its services, investing one billion dollars annually into research, development and acquisitions. Current strategies leverage machine learning to identify threats, along with comprehensive monitoring and reporting services.
Just a few updates in the last month include:
- Newly created Windows 10 E5 plans include Windows Defender Advanced Threat Protection (ATP), which monitors devices for signs of infection before it spreads
- A recent acquisition of the security firm Hexadite will likely improve ATP further by using AI to identify unknown forms of malware, quarantine content, and update devices to defend against the new threat
- Microsoft has rolled out updates to unsupported operating systems to defend against WannaCry
How does Metro CSG help?
Due to the inherent profitability of ransomware, its use by cyber criminals has skyrocketed with the increasing ubiquity of encrypted payments. Therefore, Metro CSG has taken steps to help protect our customers from these new threats.
- Through our managed service plans, we include regular support patching and updates to keep devices and anti-virus current.
- Customers subscribed to Enterprise Mobility + Security (EMS) or Windows 10 E5 plans will have their devices secured against infection with end-point protection tools.
- As Cloud Solution Provider partners, we offer direct tier-2 support services, and can even provide immediate escalation to Microsoft’s top tier support for emergencies.
Overall, attacks like WannaCry and Petya are very real threats which are not likely to go away anytime soon. With a bit of knowledge on how these attacks are conducted, however, businesses can effectively mitigate the risks.
If you have additional questions about the Petya attack or are interested in improving IT security, please contact us! We would be happy to discuss further with you.