Petya ransomware is proving to be one of the top cybersecurity stories of 2016.
Masquerading as a job application, Petya arrives as an e-mail whose Dropbox link points to an executable file. Believing they are opening a CV, users run the file and grant it the elevated privileges it requests. Once running, the ransomware overwrites the machine's Master Boot Record and forces a crash.
The second phase begins when the user reboots. Because the Master Boot Record has been replaced, the machine starts the ransomware's own boot code instead of Windows, and the PC can no longer boot into its operating system.
Users are, effectively, locked out of their computers – unable to access any of the data residing on the PC.
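An MBR overwrite of the kind described above leaves a footprint that can be checked before the next reboot: the 440-byte bootstrap code in sector 0 changes while the partition table usually does not. The script below is an added illustration, not part of the original article or of Networks Unlimited's material. It records a hash of a known-good bootstrap area and compares a later read of sector 0 against it; the two sample sectors, the stand-in boot code bytes and the `read_mbr` helper are constructed for the example.

```python
"""Baseline-and-compare check for a disk's Master Boot Record (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # classic MBR bootstrap area: bytes 0..439
PART_TABLE_OFF = 446     # four 16-byte partition entries: bytes 446..509
BOOT_SIG = b"\x55\xaa"   # boot signature: bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into a bootstrap-code hash, partition entries and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0x00 means an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIG,
    }


def check_mbr(sector: bytes, baseline_hash: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_hash:
        findings.append("bootstrap code differs from recorded baseline")
    if not info["partitions"]:
        findings.append("partition table is empty")
    return findings


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a device or image, e.g. /dev/sda or \\.\PhysicalDrive0 (needs admin rights)."""
    with open(device_path, "rb") as f:
        return f.read(SECTOR_SIZE)


def _build_sector(boot_code: bytes, partition_entry: bytes) -> bytes:
    """Construct a synthetic 512-byte MBR for the demonstration."""
    body = boot_code.ljust(BOOT_CODE_LEN, b"\x00")  # bootstrap area, zero-padded
    body += b"\x00" * 6                              # disk signature + reserved (bytes 440..445)
    body += partition_entry.ljust(64, b"\x00")       # partition table, remaining entries unused
    body += BOOT_SIG
    return body


# Constructed: one active NTFS (0x07) partition starting at LBA 2048 with 0x100000 sectors.
NTFS_ENTRY = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 0x100000)

# Constructed stand-in for legitimate boot code (opens with the usual xor ax,ax / mov ss,ax / mov sp,0x7c00).
GOOD_SECTOR = _build_sector(b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"known-good boot code", NTFS_ENTRY)
# Constructed: same partition table, different bootstrap code, i.e. what an MBR overwrite leaves behind.
TAMPERED_SECTOR = _build_sector(b"\xfa\x31\xc0" + b"replacement bootloader", NTFS_ENTRY)

# The baseline would normally be recorded once on a known-clean machine and stored off-host.
BASELINE = parse_mbr(GOOD_SECTOR)["boot_code_sha256"]

if __name__ == "__main__":
    print("known-good sector:", check_mbr(GOOD_SECTOR, BASELINE))
    print("tampered sector:  ", check_mbr(TAMPERED_SECTOR, BASELINE))
```

The check is deliberately generic: it does not carry a signature for any particular family, it only reports that sector 0 no longer matches what was recorded. Because a tampered MBR can keep a valid partition table and boot signature, the comparison of the bootstrap hash is the finding that matters; a legitimate change (a bootloader update) would also trigger it and should be followed by re-recording the baseline.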
Malicious strain
Anton Jacobsz, MD of Networks Unlimited, notes that “Petya is a particularly malicious strain of ransomware.
“Instead of affecting individual files, it denies access to the entire system by penetrating the low-level structures on the PC. Petya drops a malicious kernel that effectively encrypts the system, and then requests the user pay a ‘ransom’ to get the encryption keys.”
Via messages displayed on the hijacked PC, users are walked step by step through the payment process and instructed to pay the ransom in Bitcoin. The Petya payment site warns that the price rises the longer the victim waits.
The initial price for the decryption key is reported to be 0.99 Bitcoin (the equivalent of nearly R7 000).
Addressing the human and the technology aspects
Jacobsz says that to deal effectively with Petya ransomware, organisations need to address it from both a technology perspective and a social-engineering perspective.
“It’s essential for users to be aware of these kinds of attacks, to look for the clues in the filenames and the publisher details, and to understand the dialogue box that requests the user hand over account control.
“However, social engineering will always be present in sophisticated attacks like this; and organisations cannot reliably expect all their staff to be able to recognise malicious files.
“With a comprehensive suite of Distributed Denial of Service (DDoS) protection tools, organisations are empowered with a real-time view of incoming threats to their network and their users.”
In fact, with the right tools, organisations can recover from ransomware like Petya: where a key or working decryption tool is available, by decrypting and unlocking the affected system; otherwise, by detaching the infected drive and attaching it to a clean Windows system to extract data. Neither path replaces the most dependable recovery option, restoring from backups that the infected machine could not reach.
“Petya is a great example of the ‘cat and mouse’ scenario that is played out across the entire breadth of the security landscape. Attackers refine their approach, as organisations respond to each new threat with an enhanced security posture,” notes Jacobsz.
To stay ahead in this game, organisations need an up-to-date security toolset that provides both robust defence and immediate visibility into potential or in-progress attacks.
“We emphasise speed-to-respond in our consultation with clients, and assemble latest-generation security solutions to detect DDoS attacks before they reach a critical threshold. This is something that is not possible with legacy scrubbing-centre approaches.”
Jacobsz concludes: “The digital enterprise requires a proactive, real-time, and highly-coordinated approach – covering every area of the organisation – in order to combat the onslaught of malicious attackers.”