
A large number of companies across Europe, Russia, India and the US are falling victim to another cyber attack, following the recent outbreak of the WannaCry ransomware.

Bitdefender has identified a massive cyber attack by new Petya ransomware that is currently unfolding worldwide. Preliminary information shows that the malware sample responsible for the infection is an almost identical clone of the Golden Eye ransomware family.
Petya ransomware is spreading fast, with Ukraine being the worst-hit country in the last 24 hours. The large-scale attack by the new Petya ransomware is targeted mostly at companies in Ukraine and Russia. According to preliminary estimates, hundreds of companies have been attacked across the globe.
What happens after infection?
Unlike most ransomware, the new Petya/GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts File System (NTFS) structures. This approach prevents victims' computers from being booted up in a live OS environment and retrieving stored information or samples. Also, Petya uses a strong encryption algorithm and there is no way to create a decryption tool. The ransomware asks for $300 in bitcoins. Victims have already started to transfer money to the criminals' wallet: according to data from Tuesday evening, more than 10 transactions.
How does it arrive?
According to preliminary information, the virus is spreading the same way as many threats: company employees open malicious attachments which can come by e-mail. The first version of Petya was sent as CV attachments. The way Petya works is known and has already been described in detail by many computer security specialists earlier. Petya ransomware enters the local network in the same way as the famous WannaCry virus, which attacked 300,000 computers in 150 countries in May of this year.
What does it do?
Petya ransomware encrypts sensitive and personal files without giving the possibility of decryption until a ransom is paid by the victim. It locks the computer's screen and displays a message asking for money. In this case, no file is encrypted; the user is only forced to proceed with the payment.
Furthermore, it blocks applications from running.
Interestingly, ransomware has been known for a long time, since the '80s. The HIV/AIDS virus hid directories and encrypted files. In its initial days, it targeted only regular users with Windows OS, but now it has evolved and has become a serious threat for businesses.
Since the start of 2016, ransomware attacks have increased exponentially and have been deployed in a strategic, planned way compared to previous periods. These new threat trends are harmful not only for home users but also for business and public sectors.
Do I need to pay the ransom if my desktop has been infected?
We don't have any data or confirmation that you will get your encrypted data back if you pay.
As per recent updates, the Bitcoin address being used by Petya ransomware has received 42 transactions worth $9491. However, the email address that was used to communicate with the criminals has been suspended. This leads to a scenario in which people will not be able to get the decryption key. Because of this, victims should desist from making any payments to the criminals.
What do you need to do to stay protected?
– Use a licensed copy of the OS.
– Use licensed copies of software.
– Install all security updates and patches regularly.
– Back up your systems regularly.
– Set mail filters that will filter out encrypted archives and executable files; it is also recommended to check office documents in "sandboxes" before delivery to users.
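The mail-filter recommendation above, sketched as an added example (not code from Bitdefender or from this article): it holds back attachments that are executables by name or by content, and ZIP archives whose entries are encrypted or executable. The function names and the extension blocklist are assumptions, and the sample message is constructed for the demonstration.

```python
import io, os, zipfile
from email.message import EmailMessage

# Assumed blocklist of executable/script extensions; adjust to local mail policy.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta"}

def _ext(name):
    return os.path.splitext(name or "")[1].lower()

def inspect_attachment(name, data):
    """Return the reasons to quarantine one attachment (empty list = deliver)."""
    reasons = []
    if _ext(name) in BLOCKED_EXT:
        reasons.append("executable extension")
    if data[:2] == b"MZ":  # PE header, whatever the file is named
        reasons.append("PE executable content")
    if data[:4] == b"PK\x03\x04":  # ZIP container: inspect its directory
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                infos = zf.infolist()
        except zipfile.BadZipFile:
            return reasons + ["unreadable archive"]
        if any(i.flag_bits & 0x1 for i in infos):  # bit 0 = encrypted entry
            reasons.append("encrypted archive")
        elif any(_ext(i.filename) in BLOCKED_EXT for i in infos):
            reasons.append("executable inside archive")
    return reasons

def scan_message(msg):
    """Map attachment filename -> reasons, only for attachments to hold back."""
    verdicts = {}
    for part in msg.iter_attachments():
        found = inspect_attachment(part.get_filename(), part.get_payload(decode=True))
        if found:
            verdicts[part.get_filename()] = found
    return verdicts

def build_sample():
    """Constructed message: a clean note, a renamed PE stub, a ZIP flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cv.doc", b"placeholder")
    raw = bytearray(buf.getvalue())
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x1  # set encryption flag in central directory
    msg = EmailMessage()
    msg.set_content("Please find my CV attached.")
    for name, data in (("notes.txt", b"hello"), ("cv.pdf", b"MZ\x90\x00stub"),
                       ("documents.zip", bytes(raw))):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg
```

Calling `scan_message(build_sample())` holds `cv.pdf` and `documents.zip` and lets `notes.txt` through; office documents that pass this filter would still go to the sandbox step.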
Bitdefender solutions block known ransomware samples, including the new Petya/GoldenEye variant.
If you are running a Bitdefender security solution for consumer or business, your computers are not in danger. Ransomware Protection is a new module included in all Bitdefender 2016 classic line products (Antivirus Plus, Internet Security and Total Security). It is designed to protect certain folders from ransomware that infects clients' PCs, encrypts personal files to make them unusable, and demands money in exchange.