Another round of ransomware assault has just hit over 2,000 global targets, including Danish shipping company Maersk, US pharmaceutical company Merck, and many private and public institutions in Ukraine.
Unlike the WannaCry attack that hit seven weeks ago, the latest attack seems to be more solid, without the previous design flaws. Security companies are confident the Petya ransomware uses the same exploit in Microsoft products that WannaCry used.
Symantec says it has confirmed the ransomware is using the EternalBlue vulnerability that is believed to have been developed by the NSA.
Originally called Petya, the current ransomware emerged in 2016 and has now re-appeared with upgrades, such as better encryption. Some call the new iteration “NotPetya” or “GoldenEye”.
“The latest ransomware assault seems to be particularly dangerous,” says Marty Kamden, chief marketing officer of NordVPN. “One of the best protection mechanisms is patches, but they might not always work with this new version of Petya.
“Another way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot. After the device gets infected with ransomware, it will wait for about an hour until reboot. A reboot is required for the malware to encrypt the system, so in certain cases, if the device gets terminated in the encryption process, it gets disrupted and information can be saved.
“Generally, system administrators are still not well-prepared to protect their networks, and these attacks will only keep getting worse,” he adds.
Here is NordVPN’s advice about protecting a network from the latest ransomware attack:
* Power down when unusual messages pop up. If you encounter a “Check Disk” message, quickly power down to avoid having the files encrypted by the ransomware.
* Know which file to block. Stop the spread within a network from the Windows Management Instrumentation by blocking the file C:\Windows\perfc.dat from running. If such a file doesn’t exist yet, create it yourself and make it read-only.
* Protect local credentials. Use Microsoft’s Local Administrator Password Solution to protect credentials that grant network privileges.
* Always install the latest security updates. Security updates often contain patches for the latest vulnerabilities, which hackers are looking to exploit.
* Don’t open anything suspicious you get through email. Delete dubious emails from your bank, ISP, credit card company, etc. Never click on any links or attachments in emails you’re not expecting. Never give your personal details if asked via email.
* Back up all data. Back up your data to an alternate device and keep it unplugged and stored away. Backing up data regularly is the best way to protect yourself from ransomware because only unique information is valuable.
* Use a VPN for additional safety. Using a VPN when browsing can protect you against malware that targets online access points. That’s especially relevant when using a public hotspot. However, keep in mind that while a VPN can prevent malware from spreading while it’s connected, it cannot protect you from downloading the malware. While a VPN encrypts your activity online, you should be careful when downloading and opening certain files or links.
* Close pop-up windows safely. Ransomware developers often use pop-up windows that warn you of some kind of malware. Don’t click on the window – instead, close it with a keyboard command or by clicking on your taskbar.
* Use anti-virus programs. Make sure you have installed one of the latest reputable anti-virus programs to make sure you are fully protected.
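
The "Know which file to block" step above can be scripted. The following PowerShell is an added example, not code from NordVPN or the original article; the path is the one the article names, while the function name `Set-PerfcMarker` and its output fields are hypothetical.

```powershell
# Added example: create the marker file from the advice above and make it read-only.
# Assumption: the function name and the output object are illustrative only.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Path taken from the article; override it to test somewhere harmless.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    $existed = Test-Path -LiteralPath $Path -PathType Leaf
    if (-not $existed -and $PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
        # Writing under C:\Windows fails without an elevated session.
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
    }

    $present  = Test-Path -LiteralPath $Path -PathType Leaf
    $readOnly = $false
    $length   = $null
    $created  = $null
    if ($present) {
        # -Force so a hidden or system file is still found.
        $item = Get-Item -LiteralPath $Path -Force
        if (-not $item.IsReadOnly -and
            $PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
        $item.Refresh()
        $readOnly = $item.IsReadOnly
        $length   = $item.Length
        $created  = $item.CreationTime
    }

    # A pre-existing file is only flagged read-only; its size and creation
    # time are reported so an administrator can review it.
    [pscustomobject]@{
        Path          = $Path
        ExistedBefore = $existed
        Present       = $present
        ReadOnly      = $readOnly
        Length        = $length
        Created       = $created
    }
}

# Demo on a constructed path in the temp directory (not the real location).
$demoPath = Join-Path ([IO.Path]::GetTempPath()) 'perfc.dat'
Set-PerfcMarker -Path $demoPath
```

Run `Set-PerfcMarker -WhatIf` from an elevated prompt first to see what would change at the default path before applying it.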