Here we go again!
It is still very early in the ‘Petya’ ransomware outbreak, but it has already proven to be one of the most aggressive and crippling variants of the dreaded file-encrypting malware.
Why is it worse? Past ransomware families, like WannaCry, typically still let users reach their desktop once the infection had been removed with anti-virus and anti-malware tools. ‘Petya,’ however, works at a much lower level: it overwrites the disk’s Master Boot Record (the first sector the firmware hands control to, not an ordinary file) with its own boot code and encrypts the NTFS Master File Table, so the PC never gets as far as loading Windows. That locks administrative teams out of removing the infection with conventional tools and ultimately turns every affected machine into a mandatory onsite/workspace visit to rebuild or restore it.
How does something like this happen again so quickly? Well, if you read into how WannaCry was stopped globally, a bright young researcher registered an unregistered domain that the worm looked up on startup and pointed it at a harmless sinkhole. That domain was never used to transfer encryption keys; it was a kill switch, and once it resolved, new infections stopped encrypting. Nothing about that fixed the underlying flaw, though: the worm spread through a remote code execution vulnerability in Microsoft’s Server Message Block version 1 (SMBv1) service, which Microsoft fixed in March 2017 under bulletin MS17-010. Microsoft’s patch is detailed here.
Want to know the long-term fix for ‘Petya?’ Install the same patch noted for WannaCry! Why didn’t we listen the first time? Ugh! One caveat this time around: the patch is necessary but not sufficient on its own. Petya also moves inside a network using administrator credentials it harvests from memory, pushed over ordinary Windows remote-administration tools (PsExec and WMIC), so a fully patched machine can still be hit from an infected neighbour if the same local admin password is reused across the fleet. Patch, disable SMBv1, block TCP 445 between workstations, and stop sharing admin credentials.
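Since "install the patch" is easier said than verified across a fleet, here is an added audit script (not code from the original post) that checks one Windows host for the two controls discussed here: whether an MS17-010 update is present and whether SMBv1 is still enabled, with a helper to turn SMBv1 off. The KB list is an assumption taken from the March 2017 MS17-010 release and must be checked against the bulletin for your exact OS build; on Windows 10 a later cumulative update supersedes the March KB, so `Get-HotFix` can report "not found" on a host that is in fact fixed. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not the original post's code: audit a Windows host for the
# MS17-010 patch and for SMBv1 being disabled, then offer to disable SMBv1.
# Assumption: $KnownKbs lists the March 2017 security-only and monthly rollup
# updates shipped with MS17-010; verify it against the bulletin for your OS.

function Get-Ms17010Status {
    param(
        [string[]] $KnownKbs = @(
            'KB4012598',                            # XP / Vista / Server 2003 / Server 2008
            'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2
            'KB4012214', 'KB4012217',               # Server 2012
            'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
            'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
        )
    )
    # Get-HotFix lists installed Windows updates by KB id.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $matched   = @($KnownKbs | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        Ms17010Found = ($matched.Count -gt 0)
        MatchedKbs   = ($matched -join ', ')
    }
}

function Get-Smb1Status {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the SMB1 server switch as a cmdlet.
        $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Windows 7 / Server 2008 R2: read the SMB1 registry value; absent means enabled.
        $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $serverEnabled = ($null -eq $value) -or ($value -ne 0)
    }
    # Windows 8.1 / Server 2012 R2 and later also ship SMB1 as an optional feature.
    $featureState = 'n/a'
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature) { $featureState = [string]$feature.State }
    }
    [pscustomobject]@{
        Smb1ServerEnabled = $serverEnabled
        Smb1FeatureState  = $featureState
    }
}

function Disable-Smb1 {
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        # Microsoft's documented registry method for older releases.
        Set-ItemProperty -Path $regPath -Name SMB1 -Type DWord -Value 0 -Force
    }
    if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        # Remove the SMB1 component entirely where it is an optional feature.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart -ErrorAction SilentlyContinue | Out-Null
    }
}

$patch = Get-Ms17010Status
$smb   = Get-Smb1Status
$patch, $smb | Format-List

if (-not $patch.Ms17010Found) {
    Write-Warning 'No MS17-010 KB found: install the March 2017 update, or confirm a later cumulative update supersedes it.'
}
if ($smb.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 is still enabled; run Disable-Smb1 and reboot.'
}
```

The script only reports by default; `Disable-Smb1` is left as a separate call so it can be reviewed before it is run against servers that still have SMBv1-only clients (old printers and NAS boxes are the usual holdouts). Remember that a green result here covers the SMB exploit path only; the credential-reuse path described above is a matter of local admin password hygiene, not patching.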
For the record, versions of Petya have been around for a while (early 2016, by a quick search), but this one has a new propagation mechanism that matches the aggressiveness of WannaCry and doesn’t rely on any outside transfer of data, such as contacting a command-and-control server, to complete the encryption process.
The US-CERT post regarding ‘Petya’ can be found here: https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported