Article:

“Petya” Ransomware Attack

18 July 2017

Original content provided by BDO Indonesia


Seven weeks after the phenomenal outbreak of “WannaCry” Ransomware which infiltrated 230.000 computers in 150 countries, causing US$4 million potential losses, another cyberattack struck again. In the end of June, a ransomware called “Petya” attacked over 12.000 devices in around 65 countries, seizing systems of high-profile victims like Danish shipping giant Maersk, US pharmaceutical company Merck, and multiple private and public institutions, leading to PCs and data being locked up. Experts said, Petya ransomware is more threatening compared to WannaCry. While WannaCry’s flaws design caused it to flame out after a few days, this latest ransomware has learnt from the mistakes.

What is Ransomware?

Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.

How does it work?

When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.

How does the “Petya” ransomware work?

The ransomware takes over computers and demands US$300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one.

It has a much better mechanism for spreading itself than WannaCry.”

                                      - Ryan Kalember, of cybersecurity company Proofpoint.

 

What should you do if you are affected by the ransomware?

The ransomware infects computers and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch the computer off to prevent the files from being encrypted and try and rescue the files from the machine, as flagged by @HackerFantastic on Twitter.

If the system reboots with the ransom note, don’t pay the ransom – the “customer service” email address has been shut down so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and reinstall your files from a backup. Back up your files regularly and keep your anti-virus software up to date.

However, sometimes the employees are reluctant to do all things because of their deadlines and they do not realize that their PC are at potential risks. Furthermore, most companies have not supported with resources to prevent and monitor such risks.

If this is where your company stands, you may consider to ask help from the expert. There are many institutions that provide these services, and one of them is BDO Konsultan Indonesia with its IT Security Advisory Services.

BDO Konsultan Indonesia provides a range of IT security services:

  1. Risk Assessment & Penetration Testing/Vulnerability AssessmentAssess risks and identify vulnerabilities to digital assets; evaluate potential impact and exposure, prioritizing risks against the costs of protections, including assessment, security testing, remediation, and executive-level reporting to guide security investments.
  2. Risk Management Strategy & Program Design – Design and implement a comprehensive program aligned with an existing enterprise risk management framework, including strategy, organizational structure, governance, policies and procedures, training, and both internal & external communications.
  3. Security Architecture & Transformation – Design and implement a cybersecurity architecture and framework tailored to business needs and the enterprise ecosystem, encompassing access controls, entitlement, data protection, security monitoring, data privacy, including selection and implementation of security tools.