First discovered in March 2016, the Petya ransomware has made a resurgence. Originally, it infected the master boot record and installed a payload that encrypts NTFS file tables. This prevents systems from booting until the ransom is paid and the files are decrypted. Back in 2017, what has changed about the Petya ransomware?
Just after a recent attaack from the WannaCry ransomware, on June 27 a modified version of Petya was used in a global cyber attack. The malware spreads through the same vulnerability in Windows that was exploited by the WannaCry ransomware. Unlike the original Petya ransomware, this version does not unlock a system after the ransom has been paid.
Ukraine is among the hardest to be hit by Petya, though Kaspersky Lab found infections in France, Germany, Italy, Poland, United Kingdom, and the United States. More than 80 companies were hit, including the National Bank of Ukraine.
The exploit attacks vulnerable Windows Server Message Block services. However, Microsoft has already patched this vulnerability. If you haven't kept your system updated, you may be attacked. If you are not updated, a link with updates for all windows OS is provided. Please click the following link and protect yourself.
If you are infected, DO NOT PAY! As always, never click any suspicious links or open any attachments that you don't trust. Keep your anti-viruses up to date and if you run into any problems, Vanguard is always here to help!