It's not a sniper, just a wiper

By Balamurugan Selvaraj Published on Jun 29, 2017 04:07 PM IST

Chennai: The rate of ransomware infection across the world has been mounting. At the same time, threat actors are creating new ransomware variants that combine known flaws and exploits. No one can forget last month's WannaCry havoc, which hit millions and billions of online users.

In a similar vein, another ransomware variant, called Petya, began infecting PCs. It infected thousands of computers in Ukraine, Russia, France, India and the United States on Tuesday.

Kaspersky researchers yesterday confirmed: "As per the reports analysed, the malware infection that happened across the world is not Petya ransomware, and this is something new that we have not seen before. That's why we named it NotPetya."

This ransomware infected both systems patched against the SMBv1 flaw and unpatched ones, which left researchers puzzled as to how it was getting in. A tweet from security researcher Mikko Hypponen answered the question. He wrote, "Petya uses the NSA EternalBlue exploit, but also spreads in internal networks with WMIC and PSEXEC. That's why patched computers can get hit."

NSA whistleblower Edward Snowden tweeted, "Researcher's tactic for #Petya/NotPetya: cut power to halt the reboot that initiates final encryption, so files can be rescued off-disk/box."

What's more:

According to the latest findings of hacker, Microsoft MVP and founder of @comaeio Matt Suiche, "The ransomware was a lure for the media; this version of Petya actually wipes the first sectors of the disk, like we have seen with malware such as Shamoon."

Even Kaspersky CEO Eugene Kaspersky confirmed this. He wrote, "Update on #NotPetya #ExPetr: threat actors CAN'T decrypt files. Don't pay ransom. It won't help."

What's the truth?

In fact, the so-called ransomware is not ransomware at all. It is wiper malware, designed to damage and destroy. Ransomware retains the ability to undo its modifications (restoring the MBR, as the 2016 Petya did, or decrypting files once the victim pays); a wiper simply destroys and rules out any possibility of restoration.
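Because the damage described above lands in the first sectors of the disk, a forensic triage of an affected machine starts with the boot sector of a disk image. The PowerShell function below is an added example, not code from the article or from any of the researchers quoted: it reads the first 512 bytes of an image file, checks for the 0x55AA boot signature and a populated partition table, and classifies the sector as intact, zeroed or overwritten. The sample images it builds are constructed in a temp directory and are not real captures.

```powershell
# Added example: classify the first sector of a disk image as Intact, Zeroed or Overwritten.
# Assumes a raw (dd-style) image whose first 512 bytes are the MBR.
function Test-MbrSector {
    param([Parameter(Mandatory)][string]$ImagePath)

    $sector = New-Object byte[] 512
    $fs = [System.IO.File]::OpenRead($ImagePath)
    try     { $read = $fs.Read($sector, 0, 512) }
    finally { $fs.Dispose() }
    if ($read -lt 512) {
        return [pscustomobject]@{ Path = $ImagePath; Status = 'TooShort'; Signature = $false; Partitions = 0 }
    }

    # Every valid MBR ends with the boot signature 0x55 0xAA at offsets 510-511.
    $hasSignature = ($sector[510] -eq 0x55) -and ($sector[511] -eq 0xAA)

    # Four 16-byte partition entries start at offset 446; byte 4 of each entry is the type code.
    $partitions = 0
    foreach ($i in 0..3) {
        if ($sector[446 + 16 * $i + 4] -ne 0) { $partitions++ }
    }

    $nonZero = @($sector | Where-Object { $_ -ne 0 }).Count
    $status = if ($nonZero -eq 0) { 'Zeroed' }
              elseif ($hasSignature -and $partitions -gt 0) { 'Intact' }
              else { 'Overwritten' }

    [pscustomobject]@{ Path = $ImagePath; Status = $status; Signature = $hasSignature; Partitions = $partitions }
}

# Constructed samples (not real captures): a healthy MBR, a fully zeroed sector,
# and a sector whose signature and partition table were replaced with junk.
$tmp = [System.IO.Path]::GetTempPath()
$rng = New-Object System.Random 7

$good = New-Object byte[] 512
$rng.NextBytes($good)                          # pseudo-random stand-in for boot code
446..511 | ForEach-Object { $good[$_] = 0 }    # clear partition table and signature area
$good[446] = 0x80; $good[450] = 0x07           # one active NTFS-type partition entry
$good[510] = 0x55; $good[511] = 0xAA           # boot signature

$zeroed = New-Object byte[] 512                # all zeros

$junk = New-Object byte[] 512
$rng.NextBytes($junk)                          # whole sector replaced
$junk[510] = 0; $junk[511] = 0                 # make sure the signature is gone

[System.IO.File]::WriteAllBytes((Join-Path $tmp 'mbr-good.bin'),   $good)
[System.IO.File]::WriteAllBytes((Join-Path $tmp 'mbr-zeroed.bin'), $zeroed)
[System.IO.File]::WriteAllBytes((Join-Path $tmp 'mbr-junk.bin'),   $junk)

foreach ($name in 'mbr-good.bin', 'mbr-zeroed.bin', 'mbr-junk.bin') {
    Test-MbrSector -ImagePath (Join-Path $tmp $name)
}
```

The three sample files should report Intact, Zeroed and Overwritten respectively. On a real image, a missing signature with a non-zero sector is the pattern to escalate: the partition table is gone, and restoring it from a backup copy is the only recovery path, which is exactly why the article stresses backups.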

How to prevent attack?

As per NMR data, implementing the following measures will reduce the chance of infection:

Disable SMBv1, the protocol the EternalBlue exploit abuses, to prevent future WannaCry-style attacks. Install the Microsoft patches to prevent spreading within the network.

Always keep backups; they are your recovery system. Use robust antivirus software to protect your system from ransomware. Do not switch off the 'heuristic functions', as these help the product catch ransomware samples that have not yet been formally detected.

Keep all the software on your computer up to date. When your operating system (OS) or applications release a new version, install it. And if the software offers the option of automatic updating, take it.

Enable the 'Show file extensions' option in the Windows settings on your computer. This will make it much easier to spot potentially malicious files. Be wary of files with extensions like '.exe', '.vbs' and '.scr'.

Importantly, if you find an unknown process running on the computer, disconnect the machine from the internet and any other network connections, because the malware spreads over the network to every connected system.
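The steps above can be checked, and two of them applied, from an elevated PowerShell session. The script below is an added example written for this article, not a tool from NMR, Kaspersky or Microsoft: it reports whether SMBv1 is disabled, whether the MS17-010 hotfix is installed, whether Explorer shows file extensions, and whether real-time antivirus protection is on, and with `-Remediate` it disables SMBv1 and turns extensions on. It assumes Windows 8 / Server 2012 or later (where `Get-SmbServerConfiguration` exists) and that the caller supplies the MS17-010 KB identifiers for the OS build, since those differ per version and are not given in the article.

```powershell
# Added example: audit a Windows host for the NotPetya hardening steps listed above.
# Run as Administrator. -Remediate applies the SMBv1 and file-extension fixes.
function Get-NotPetyaHardeningStatus {
    [CmdletBinding()]
    param(
        # KB ids from Microsoft's MS17-010 bulletin that apply to this OS build.
        # Placeholder: look them up for your build; they are not in the article.
        [string[]]$Ms17010KbIds = @(),
        [switch]$Remediate
    )

    $results = @()

    # 1. SMBv1 server protocol is the transport EternalBlue abuses; it should be off.
    $smb = Get-SmbServerConfiguration
    if ($smb.EnableSMB1Protocol -and $Remediate) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $smb = Get-SmbServerConfiguration
    }
    $results += [pscustomobject]@{
        Check  = 'SMBv1 disabled'
        Pass   = (-not $smb.EnableSMB1Protocol)
        Detail = "EnableSMB1Protocol=$($smb.EnableSMB1Protocol)"
    }

    # 2. MS17-010 hotfix presence, matched by hotfix id against the supplied list.
    $installed = @(Get-HotFix | Where-Object { $_.HotFixID -in $Ms17010KbIds })
    if ($Ms17010KbIds.Count -eq 0) { $detail = 'no KB ids supplied' }
    elseif ($installed.Count -gt 0) { $detail = ($installed.HotFixID -join ',') }
    else { $detail = 'none of ' + ($Ms17010KbIds -join ',') + ' found' }
    $results += [pscustomobject]@{
        Check  = 'MS17-010 hotfix installed'
        Pass   = ($installed.Count -gt 0)
        Detail = $detail
    }

    # 3. Explorer shows file extensions for the current user (HideFileExt = 0).
    $advKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $hide = (Get-ItemProperty -Path $advKey -Name HideFileExt -ErrorAction SilentlyContinue).HideFileExt
    if ($hide -ne 0 -and $Remediate) {
        Set-ItemProperty -Path $advKey -Name HideFileExt -Value 0 -Type DWord
        $hide = 0
    }
    $results += [pscustomobject]@{
        Check  = 'File extensions shown'
        Pass   = ($hide -eq 0)
        Detail = "HideFileExt=$hide"
    }

    # 4. Real-time protection still enabled in Windows Defender (reported only; other
    #    AV products expose this differently, so it is skipped when Defender is absent).
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        $results += [pscustomobject]@{
            Check  = 'Real-time AV protection'
            Pass   = [bool]$mp.RealTimeProtectionEnabled
            Detail = "RealTimeProtectionEnabled=$($mp.RealTimeProtectionEnabled)"
        }
    }

    return $results
}

# Report only; add -Remediate to apply the SMBv1 and file-extension fixes.
Get-NotPetyaHardeningStatus -Ms17010KbIds @('KB<id-for-this-build>') | Format-Table -AutoSize
```

Patching and backups are not something a script can verify end to end: the hotfix check only confirms an id is present, and a backup is only a recovery system if a restore from it has actually been tested.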