After WannaCry, a new wave of cyberattack has hit computers across Europe, parts of the US and even India. Locking up computer data and crippling systems, the Petya ransomware hackers have not made the mistakes that the WannaCry developers made, and it is very important to know how to save your devices from Petya, because it is no petty attack.
We all know we are in an era of global cyberattacks, and it is very important to keep your guard up to keep your virtual world intact. The latest cyber sweep is yet another ransomware, dubbed ‘Petya’, and the assault bears similarities to the WannaCry crisis, but it is said that the hackers behind Petya have made sure not to repeat the loopholes left by the WannaCry crew. Petya is no joke and, just like WannaCry, it hits high-profile targets like MNCs and critical infrastructure providers like banks, government institutes and airports. It first started circulating in 2016 but has now been refined with strong encryption, and some even call this new iteration “NotPetya” or “GoldenEye”. It could also be a variant of Petya.A, Petya.D, or PetrWrap.
Regardless of the name, it has already hit 2,000 targets, seizing the systems of high-profile victims like the Danish shipping giant Maersk, the US pharmaceutical company Merck, multiple private and public institutions in Ukraine and even the Jawaharlal Nehru Port of India. Petya, just like WannaCry, locks up a computer’s files and demands $300 Bitcoins as ransom to unlock the data. To seize credentials, Petya relies on a tool “a la Mimikatz”, which extracts them from the lsass.exe process, one of the crucial components of the Windows system.
Ransom note on an infected system – AP photo
Once the malware infects the computer, it waits for an hour or so and then reboots the system automatically; the reboot encrypts the files and the user gets a ransom note on their PC asking them to pay up. Users are also warned against switching off their PC during the rebooting process, because it could make them lose their files. And here is the brutal glitch: once encrypted, there is no way to decrypt the data, at least not by ourselves for now.
And the problem is not just that there is no way to decrypt the data; there is also no way of stopping the attack from spreading, given that it exploits vulnerabilities in the network. But here is one solution which ‘might’ hopefully be helpful: if your system is infected and you face the reboot, switch off the computer immediately during the reboot and you can prevent your files from being encrypted. That is the only solution, so far.
If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
— Hacker Fantastic (@hackerfantastic) June 27, 2017
If you miss that quick chance and your system is rebooted, it means your data has been irreversibly encrypted by Petya, and you need to know this: DO NOT PAY THE RANSOM. Turn off the computer, remove the internet connection, format the hard drive and restore your files from back-ups. Don’t have a backup? That is one huge mistake, irreversible again, and there is no way out of this. Remember two things to save your virtual world: always have backups and do not pay the ransom, and you are good to go.
PS: 1 bitcoin = 1836 pounds = 1,50,900 rupees; you are not gonna pay 300 bitcoins anyway, or are you?