Petya the Newest Kid in the World of Viruses


Recently, malware named WannaCry brought much of the world to its knees. WannaCry was ransomware: it locked the victim’s computer, held all of the data hostage, and the attackers then demanded 300 bitcoins before the user could regain access to their important data. The attack spread widely and affected millions of computers around the world. However, thanks to the accidental discovery of the ‘kill switch’ and Microsoft’s prompt action, the cyber-attack was brought under control within a few days.

Now thousands of computers across the globe are being locked again, this time by another ransomware named Petya. GoldenEye, a new strain of this ransomware, spread across the globe after beginning with a cyber-attack in Ukraine. From there the virus spread rapidly to Ukraine’s power grid, airports and government offices and brought them to their knees. The most shocking news, however, came from the site of the Chernobyl nuclear disaster, where workers had to monitor radiation levels manually because of the cyber-attack. For context, the Chernobyl Nuclear Power Plant is located near the small town of Pripyat, which was then part of the Soviet Union. According to experts, the area will not be safe for human habitation for at least the next 20,000 years.

Incidentally, after attacking various facilities in Ukraine, the virus spread rapidly around the globe and took out Rosneft, Russia’s largest oil producer; Denmark-based Maersk also felt the heat and had to shut down several of its systems to stop the virus from spreading.

Ransomware attacks have been taking place for ages, but they used to target individual networks, and mainly individuals. Cyber criminals have since gained a very dangerous weapon: the NSA exploits leaked by the hacker group Shadow Brokers. Just like WannaCry, the new GoldenEye is also based on an NSA exploit. Because of that exploit, even if one person downloads the infected file, the whole network gets infected.

However, according to reports, the new virus is far more dangerous than WannaCry, because it is not ransomware at all but “wiper malware” that destroys all the data on the targeted systems. It is still not known why the malware deletes data without encrypting it.

So there is no point in paying the attackers: more than 40 people paid in the hope of getting their files back, but sadly all their files were deleted immediately after the attack. By the nature of the attack, Petya seems designed to shut down and disrupt services across the globe, and so far it has succeeded in that purpose.

Now comes the big question: how do you stop Petya? Sadly, the answer is that there is no way to stop the virus, as it has also infected fully patched computers on enterprise networks. That is mainly because, once it gains access to even a single computer inside an enterprise network, Petya spreads further by stealing administrative passwords and using network administration tools to install itself on every computer on the network.

Unlike WannaCry, Petya has no kill switch to date that could stop it spreading. However, there are some workarounds that might help prevent the encryption process.

Firstly, if you notice that your computer is shutting down unexpectedly, try to stop the shutdown and keep the machine running: the virus needs to reboot the computer before it can encrypt user files and the hard disk’s boot records.

One can also create a read-only file named ‘perfc’ and place it in the Windows directory. In many cases, on seeing that file, Petya does not encrypt the computer. However, this workaround does not work on Windows 7, and the other PCs on the same network will not be immune from the attack; each computer needs the same file in order to be protected.
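The two workarounds above, as an added example script that is not part of the original article: it cancels a pending reboot and creates the read-only ‘perfc’ file in the Windows directory. It assumes an elevated PowerShell prompt, that `%WINDIR%` is the Windows directory the article means, and (as the article warns) that it is run on every machine on the network.

```powershell
# Added example (not from the article): apply the article's two workarounds
# on one Windows host. Run from an elevated (Administrator) PowerShell prompt.
# Assumptions: the vaccine file is %WINDIR%\perfc exactly as the article names
# it; the article says this does not help on Windows 7 and protects only the
# host it runs on, so repeat it on every machine.

# 1. Abort a pending shutdown/reboot. The article notes the malware only
#    encrypts after a restart. 'shutdown /a' cancels a scheduled shutdown and
#    returns non-zero (harmlessly) when nothing is pending. Routed through
#    cmd.exe so its stderr text does not surface as a PowerShell error.
$null = cmd.exe /c 'shutdown /a >nul 2>&1'
if ($LASTEXITCODE -eq 0) {
    Write-Host 'Cancelled a pending shutdown/reboot.'
} else {
    Write-Host 'No scheduled shutdown was pending.'
}

# 2. Create the 'perfc' vaccine file in the Windows directory.
$vaccine = Join-Path $env:WINDIR 'perfc'

if (-not (Test-Path -LiteralPath $vaccine)) {
    # An empty file is enough: the article describes the malware checking for
    # the file's presence, not its contents.
    New-Item -ItemType File -Path $vaccine -Force | Out-Null
}

# Mark it read-only, as the article specifies, so it is not casually replaced.
$item = Get-Item -LiteralPath $vaccine
$item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::ReadOnly

# 3. Verify: the file exists and carries the ReadOnly attribute.
$check = Get-Item -LiteralPath $vaccine
if (($check.Attributes -band [System.IO.FileAttributes]::ReadOnly) -ne 0) {
    Write-Host "Vaccine file present and read-only: $vaccine"
} else {
    Write-Warning "Could not set the read-only attribute on $vaccine"
}
```

For a fleet, the same steps can be pushed through Group Policy or a remote-management tool so that every host on the network gets the file, which is the article's caveat about per-machine protection.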

– Kaustav Roy