What is Ransomware?
Ransomware is a type of malware that blocks access to a computer or its data and demands payment to restore it. Like the WannaCry ransomware, 'Petya' spreads rapidly through networks of Microsoft Windows machines.
What is Petya/Petna Ransomware?
Petya/Petna overwrites the Master Boot Record (MBR) of a Windows system so that the machine can no longer boot normally, then forces a reboot into its own ransom screen. To spread across the network it uses the ETERNALBLUE exploit for the SMBv1 vulnerability fixed by MS17-010, the same exploit used by the WannaCrypt/WannaCry ransomware.
How does it work?
Petya/Petna arrives as a DLL file, so it has to be loaded by another process (in the observed outbreak, rundll32.exe) before it can compromise the system. Once running, it overwrites the Windows system's Master Boot Record (MBR) and schedules a reboot. Besides ETERNALBLUE, it also moves laterally with credentials harvested from the memory of the infected host, using the legitimate PsExec and WMIC administration tools, so a fully patched machine can still be infected from a compromised neighbour if the attacker holds valid administrative credentials.
On reboot, the modified MBR prevents Windows from loading and a ransom note is displayed demanding US$300 in Bitcoin, to be sent to a single hard-coded Bitcoin address, with payment to be confirmed by email. The email account used to disseminate decryption keys has been shut down by the provider, so victims cannot get their files decrypted even after paying.
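The execution chain described above suggests two host-level checks a responder can run: look for rundll32 launching a DLL by ordinal export (the way the DLL is executed in this outbreak), and detect a change to the MBR of disk 0 against a recorded baseline. The following PowerShell script is an added example, not code from the original advisory or from any of the vendors it references. It assumes Sysmon is installed with process-creation logging (Event ID 1), that it runs elevated so it can open \\.\PhysicalDrive0, and that the baseline file path and the rundll32 regular expression are placeholders to tune for your environment.

```powershell
# Added example (not from the original advisory): look for the behaviours the
# text describes on a Windows host. Assumptions: Sysmon logs process creation
# (Event ID 1); the script runs elevated so it can read \\.\PhysicalDrive0;
# $BaselineFile is an arbitrary location chosen for this example.
param(
    [int]$Hours = 24,
    [string]$BaselineFile = "$env:ProgramData\mbr-baseline.sha256"
)

function Find-OrdinalRundll32 {
    # rundll32 loading a file by ordinal export, e.g. "rundll32.exe C:\x.dll,#1".
    # This is a generic pattern, not a Petya-specific signature: expect benign hits.
    param([int]$Hours)
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 1
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    foreach ($e in (Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)) {
        # Sysmon writes each field as "Name: value" on its own line of the message body.
        if ($e.Message -match '(?m)^CommandLine:\s*(.+?)\s*$') {
            $cmd = $Matches[1]
            if ($cmd -match '(?i)rundll32(\.exe)?["\s]+.+?,\s*#\d+') {
                [pscustomobject]@{ Time = $e.TimeCreated; CommandLine = $cmd }
            }
        }
    }
}

function Get-MbrState {
    # Read the first sector (512 bytes) of disk 0 and hash it.
    $fs = [System.IO.FileStream]::new('\\.\PhysicalDrive0',
        [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read,
        [System.IO.FileShare]::ReadWrite)
    try {
        $buf  = New-Object byte[] 512
        $read = $fs.Read($buf, 0, 512)
        if ($read -ne 512) { throw "Short read ($read bytes) from MBR" }
    } finally { $fs.Dispose() }
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $hash = ($sha.ComputeHash($buf) | ForEach-Object { $_.ToString('x2') }) -join ''
    [pscustomobject]@{
        Sha256          = $hash
        # Every valid MBR ends with the 0x55AA boot signature.
        BootSignatureOk = ($buf[510] -eq 0x55 -and $buf[511] -eq 0xAA)
    }
}

# 1. Recent rundll32 ordinal launches
$hits = @(Find-OrdinalRundll32 -Hours $Hours)
if ($hits) { Write-Warning "rundll32 ordinal launches in the last $Hours h:"; $hits | Format-Table -AutoSize }
else       { "No rundll32 ordinal launches in the last $Hours h (or Sysmon not present)." }

# 2. MBR integrity against a stored baseline
$mbr = Get-MbrState
if (-not $mbr.BootSignatureOk) { Write-Warning 'MBR lacks the 0x55AA boot signature' }
if (Test-Path $BaselineFile) {
    $baseline = (Get-Content -Path $BaselineFile -Raw).Trim()
    if ($mbr.Sha256 -ne $baseline) {
        Write-Warning "MBR hash changed: baseline $baseline, now $($mbr.Sha256)"
    } else { 'MBR unchanged since baseline.' }
} else {
    Set-Content -Path $BaselineFile -Value $mbr.Sha256
    "Recorded MBR baseline $($mbr.Sha256) to $BaselineFile"
}
```

Run it once on a known-clean host to record the baseline, then on a schedule or during triage. The MBR hash also changes legitimately after an operating system upgrade or a bootloader update, and UEFI/GPT systems carry only a protective MBR, so treat a mismatch as a prompt to inspect the sector, not as proof of infection. Because the malware reboots the host shortly after overwriting the MBR, the rundll32 check is the more useful of the two for finding the initial execution on hosts that have not yet rebooted.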

When was Petya/Petna Ransomware released?
The ETERNALBLUE exploit that Petya/Petna uses to propagate was published by the Shadow Brokers group in April 2017; Microsoft had patched the underlying SMBv1 vulnerability in MS17-010 in March 2017. The original Petya ransomware dates from 2016, and the Petya/Petna variant described in this advisory began spreading on 27 June 2017.
What steps do I need to take to reduce the risk of infection?
- Enable host and network firewalls together with intrusion detection and prevention systems, and restrict inbound TCP port 445 (SMB) to the hosts that actually need to reach it.
- Proactively monitor and validate traffic entering and leaving the network.
- Implement security controls for the other entry points attackers use, such as email and websites.
- Deploy application control to prevent suspicious files from executing, on top of behaviour monitoring that can block unwanted modifications to the system (an MBR overwrite is exactly such a modification).
- Disable SMBv1 on vulnerable machines, either through Group Policy or by following Microsoft's published instructions. Test first: legacy devices (old NAS appliances, printers, unsupported Windows versions) may still depend on SMBv1.
- Ensure that all current patches are applied to affected operating systems, especially MS17-010. Where a patch cannot be installed promptly, use a virtual patching solution (IPS rules that block the exploit traffic) as a stop-gap, not as a replacement.
- Perform regular backups of all critical information to limit the impact of data or system loss and to speed up recovery. Keep backups on a separate device and store copies offline, since ransomware that can reach a mounted backup volume will encrypt it too.
- Publish Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records for your domain. Together these let receiving mail servers detect spoofed sender addresses, which is how most ransomware samples reach corporate mailboxes.
- Maintain updated antivirus software on all systems.
- Consider installing the Enhanced Mitigation Experience Toolkit (EMET) or similar host-level anti-exploitation tools. (EMET has since reached end of support; on current Windows 10 releases the equivalent exploit protection is built in.)
- Keep the operating system and third-party applications (MS Office, browsers, browser plugins) up to date with the latest patches.
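As an added example of the SMBv1 and MS17-010 items above, not code from the original advisory or from CERT-In, the following PowerShell script audits both on a host and, when run with -Remediate, disables SMBv1 the way Microsoft documents it. The KB list is the set of March 2017 MS17-010 packages and is an assumption to verify against Microsoft's bulletin; everything else uses standard cmdlets, the registry and sc.exe.

```powershell
# Added example (not from the original advisory): audit, and with -Remediate
# enforce, the two host controls the list above stresses: the MS17-010 patch
# and SMBv1. Run elevated. Assumptions: the KB numbers are the March 2017
# MS17-010 packages; on Windows 10 / Server 2016 any later cumulative update
# also carries the fix, so "not found" there means "verify", not "vulnerable".
param([switch]$Remediate)

$Ms17010Kbs = @(
    'KB4012598',                           # XP, Server 2003, Vista, Server 2008
    'KB4012212', 'KB4012215',              # Windows 7, Server 2008 R2
    'KB4012214', 'KB4012217',              # Server 2012
    'KB4012213', 'KB4012216',              # Windows 8.1, Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507, 1511, 1607 / Server 2016
)
$LanmanServerParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Test-Ms17010 {
    $installed = (Get-HotFix).HotFixID
    $found = @($Ms17010Kbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Ms17010Found = ($found.Count -gt 0)
        MatchingKbs  = ($found -join ', ')
        # Helps judge supersession on cumulative-update builds.
        LatestUpdate = (Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1).InstalledOn
    }
}

function Get-Smb1State {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
    # older systems expose the same switch as the LanmanServer "SMB1" value.
    $server = if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        $v = (Get-ItemProperty -Path $LanmanServerParams -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        ($null -eq $v) -or ($v -ne 0)   # an absent value means SMB1 is enabled
    }
    # Client-side driver start type: 4 = disabled.
    $start = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
                -Name Start -ErrorAction SilentlyContinue).Start
    [pscustomobject]@{
        Smb1ServerEnabled = [bool]$server
        Smb1ClientDriver  = if ($null -eq $start) { 'absent' } elseif ($start -eq 4) { 'disabled' } else { "start type $start" }
    }
}

function Disable-Smb1 {
    # Server side: stop serving SMBv1 (effective immediately).
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $LanmanServerParams -Name SMB1 -Type DWord -Value 0
    }
    # Client side, as Microsoft documents it: drop the SMB1 client driver from
    # the workstation service's dependencies and disable the driver.
    sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
    sc.exe config mrxsmb10 start= disabled | Out-Null
    # Remove the optional feature where the OS exposes it (reboot required).
    if (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue) {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

"MS17-010:";    Test-Ms17010 | Format-List
"SMBv1 before:"; Get-Smb1State | Format-List
if ($Remediate) {
    Disable-Smb1
    "SMBv1 after (feature removal and client driver change need a reboot):"; Get-Smb1State | Format-List
}
```

Run the audit across a pilot group before using -Remediate fleet-wide, since anything that still speaks only SMBv1 will lose access to the host's shares. Note what these two controls do not cover: a host that is patched and has SMBv1 off can still be reached by the credential-based lateral movement over PsExec and WMIC, so limiting where domain and local administrator credentials are used remains part of the mitigation.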
Read the full technical advisory for Petya/Petna ransomware from CERT-In.
References
- https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
- https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know
- https://securelist.com/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/77762/
- http://blog.talosintelligence.com/2017/06/worldwide-ransomware-variant.html
- http://blogs.seqrite.com/petya-ransomware-is-affecting-users-globally-here-are-things-you-can-do/
- https://twitter.com/HackingDave
- https://www.bleepingcomputer.com/news/security/email-provider-shuts-down-petya-inbox-preventing-victims-from-recovering-files/
- https://www.reddit.com/r/pcmasterrace/comments/6ju1mp/psa_new_ransomware_campaign_petyagoldeneye_being/
- https://researchcenter.paloaltonetworks.com/2017/06/unit42-threat-brief-petya-ransomware/