A new ransomware, named Petya has impacted scores of PCs worldwide, with Europe being the worst affected. The ransomware has affected computers in 14 countries which also includes India, UK, US, Mexico, Spain, Iran, Russia, France, Denmark and Brazil.
The new threat is quite similar to the recent infamous Wannacry ransomware.
That's because Petya Ransomware too, exploits the exact same security vulnerability as its predecessor, which is called EternalBlue, and exists in Windows XP to Windows 10. This is the exploit which NSA used to spy on users, ultimately causing the Wannacry outbreak a month ago, which infected over 200,000 computers.
Security firm Emsisoft, has published a detailed article about the ransomware. It says that the Petya Ransomware uses an 128-bit AES encryption algorithm to encrypt the files, followed by another encryption using an RSA public key in the executable. Then a custom OS is installed on the computer's master boot record (MBR), to allow Petya OS to boot, and encrypt the master file table of the NTFS File System in Windows. And finally, the screen which you see above, the ransom note, is displayed to the user, demanding them to send money via Bitcoin, in exchange for the decryption key,.
Is my computer vulnerable to Petya ransomware?
Do you have the SMBv1 protocol enabled? Is the PC connected to the internet? If your answer is yes to both, proceed to the third question.
Does your PC have the MS17-010 security fix installed? If the patch is installed, then your PC is safe from such attacks.
How to prevent the Petya Ransomware?
We have detailed the steps needed to protect your computer from malware, in our previous article. In addition to it, you can also install the latest security patches for Windows XP and Windows Server 2003, which Microsoft released after the WannaCry attack.
Thanks Grr for the tip.