Petya is running rampant across the globe, locking down the computers of companies and organizations. Exploiting a vulnerability in Microsoft Office’s RTF handling, Petya effectively both infects your machine and propagates itself through the network.
Petya is the second major ransomware within two months. Attacks of this sort have become more severe since the disastrous leak of some of the NSA-built backdoors into Windows systems by the mysterious hacker group named Shadow Brokers. This time, you don’t need to click anything to be infected. The ransomware is spreading fast through corporate networks globally.
As of the last couple of days, the Ukrainian capital’s airport, the Copenhagen-based shipping and transport company Maersk, and many others have been severely affected by the virus. Petya is good at spreading and at effectively locking up computers by encrypting all files. For your files to be released, the hackers are demanding a ransom in Bitcoin. A company in South Korea reportedly paid USD $100,000,000 for mission-critical files to be released when their computers were infected by Erebus, spurring a worldwide arms race of ransomware.
Users of operating systems other than Windows are reportedly not affected. However, the best way to protect oneself is, as always, to keep your system and programs updated, avoid suspicious websites, not open suspicious emails, and keep your eyes and ears open for security threats. Using anti-virus software and proper firewalls is also good practice and, for god’s sake, always have backups.
The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone.
A fix for Petya was found after security analysts discovered that Petya needs to create the file C:\Windows\perfc. If you create the file yourself and make it read-only, you can effectively vaccinate yourself against Petya. If you are unsure of what to do, you can download this batch file released by the renowned security firm Wordfence. The latest Windows updates from Microsoft should now also be able to stop Petya before it locks up your files.
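The vaccination step described above, written as an idempotent PowerShell function that creates the file if needed, sets it read-only and reports what it did. This is an added example, not the Wordfence batch file; the function name `Set-PetyaVaccine` is hypothetical and the script assumes an elevated PowerShell session.

```powershell
# Added example: create the marker file named in the article and make it read-only.
# Assumption: run as Administrator; Set-PetyaVaccine is a hypothetical name.
function Set-PetyaVaccine {
    param([string]$Path = 'C:\Windows\perfc')

    # Writing under C:\Windows needs elevation; fail early with a clear message.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw "Writing to $Path requires an elevated session."
    }

    # A directory with this name is unexpected; do not touch it automatically.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory; inspect it manually."
    }

    # Create an empty file only if none exists, so existing content is kept.
    $created = $false
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        New-Item -ItemType File -Path $Path | Out-Null
        $created = $true
    }

    # -Force so the file is found even if it carries the hidden attribute.
    $file = Get-Item -LiteralPath $Path -Force
    $wasReadOnly = $file.IsReadOnly
    if (-not $wasReadOnly) { $file.IsReadOnly = $true }

    # Re-read the attributes from disk and report the final state.
    $file.Refresh()
    [pscustomobject]@{
        Path        = $file.FullName
        Created     = $created
        WasReadOnly = $wasReadOnly
        IsReadOnly  = $file.IsReadOnly
    }
}

Set-PetyaVaccine
```

Running it a second time should report `Created = False` and `WasReadOnly = True`, which makes it usable as a periodic check that the file is still in place.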