How to Protect Your Organization from the Petya Ransomware Attack

Authored By : Sunil Gupta, Founder & Director, ExportersIndia.com

The world has significantly transformed over the past couple of decades since the advent of information technology and the internet, both of which have now become a significant part of our lives. All of us are now connected to each other via series of invisible networks that transcend geographical borders, making us aware of latest global developments every day as and when they occur.

However, the advancement of internet has also led to the rise of cyber security threats like Ransomware across the world that target both individuals and establishments with dire consequences. Ransomware is a type of corrupt software that can block access to any computer system until a ransom amount is paid to the hacker by the affected party. Such types of software are used by cyber criminals to usually target systems that contain valuable information, which, unless the affected person or organizations pays for, can be misused for nefarious purposes.

Just a few months back in May 2017, the world woke up to a massive ransomware cryptoworm attack – WannaCry, which targeted computers that ran on the Microsoft Windows operating system by encrypting the data on those systems, and demanded the ransom be paid in bitcoins, a form of cryptocurrency. It is estimated that over 2 Lakh computer systems were affected by the WannaCry ransomware across 150 countries, with economic damages amounting to more than USD 4 billion according to Cyence.

Following this, as the world began to recover from the after effects of WannaCry, it witnessed another ransomware attack in the form of an advanced variant of the Petya ransomware in June 2017, which threatens to ransack the security of organizations across the globe. The attack targeted government systems, domestic banks, and power companies in Ukraine, as well as other large companies in the world. Just like the WannaCry attack, those affected by the Petya ransomware found their files encrypted, followed by a demand of USD 300 in bitcoin as ransom to release those files.

While both ransomware have a similar delivery method, and are spread via online scams, and phishing e-mails, it has been suggested that the Petya ransomware likely originates from an already infected application update from a breached software vendor. It uses that as its primary vector as the ransomware payload needs local administrator access, and for infecting successive computer systems. As soon as the Petya ransomware is executed, the infected system’s MBR gets overwritten by the custom boot loader, following which a malicious kernel containinga corrupting code is loaded into the system to commence the process of encrypting files within that system.

Judging by the extent of such malicious attacks, the most important question asked by business owners is: Can we save our company from the Petya ransomware attack?

Protecting your organization from Petya Ransomware Attack – Preventive measures

These days, it has become a matter of extreme importance for organizations to take preventive actions in terms of cyber security in a bid to protect confidential data from potential threats, such as the Petya ransomware. Following are some actions that business owners can take to ensure the same:

Deploy latest security patches on all systems – Organizations should make sure to set up only the latest Microsoft security patches on each computer system, specifically the MS17-010, which safeguards Server Message Block (SMB) vulnerabilities.

Disable SMBv1 – Disabling SMBv1 can help in preventing malicious software like Petya from spreading to other systems.

Create more awareness among end-users – Organizations should make sure that end-users, i.e. the employees and other staff are aware about latest cyber security threats, and be extremely cautious of opening suspicious files, attachments, or links received from unknown senders.

Make sure your anti-virus software is regularly updated – It is important to ensure that the anti-virus software being used to protect computer systems within an organization is regularly updated as an outdated version will not be able to safeguard systems from an advanced malware.

Back-up every data – Make sure that all data and important files on local disks have a back-up copy, as most user data can be replicated via shared networks.

Avoid users from writing data anywhere apart from designated areas – Companies should ensure that all computer users within the workplace avoid writing data anywhere apart from the designated areas on the local hard drive to prevent loss of data in case of a potential cyber-attack.

Restrict local administration access – To further limit the possibility of a ransomware attack, organizations can limit or restrict access to local administration to just few trusted associates.

Apart from above mentioned tips, business owners can learn to protect their organization against ransomware by doing online research on recent cyber threats. They can also attend or conduct Ransomware Webinars to learn more about ransomware infection techniques, and how to strengthen security & architecture of their company. Additionally, they can also learn more about malware at online security hubs for complimentary research and webinars.