The Department of Information and Communications Technology calls on you to step up your cyber defenses against the Petya ransomware attack, which continues to spread at an alarming speed around the world. There have been reports of “Petya” ransomware infections in many organizations worldwide, with Europe taking the hardest hit. About 60% of the infected systems were located within Ukraine.
The virus began spreading two days ago, June 27, 2017 (Tuesday), and has targeted Ukraine’s crucial infrastructure, including financial institutions, power providers, and other delivery services.
Petya, a new strain of ransomware, encrypts data for a ransom of $300. This virus exploits vulnerabilities in Server Message Block (SMB) in Microsoft Windows, encrypting the master boot records of infected Windows computers and rendering them completely unusable.
Protection from this ransomware attack requires prevention, not detection.
To prevent being infected, all CIIs are enjoined to do the following steps:
Step 1: Patch your Windows system/s. Look for your version on the list.
Step 2: Disable SMBv1 file-sharing protocol.
Step 3: Disable WMIC (Windows Management Instrumentation Command-line).
It is also important to take note of the following:
• Petya ransomware encrypts systems after rebooting the computer. If your system is infected with Petya ransomware and it tries to restart, just do not power it back on.
• For advanced users, use a LiveCD or external machine to recover files. Instructions for creating a Windows 7 live CD can be found here: http://www.technorms.com/8098/create-windows-7-live-cd
• PT Security, a UK-based cyber security company, and Amit Serper from Cybereason have discovered a kill switch for Petya ransomware. According to a tweet, the company has advised users to create a file, i.e. “C:\Windows\perfc”, to prevent ransomware infection.
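The PowerShell script below is an added example, not part of the advisory: it reports whether SMBv1 file sharing (Step 2) is still enabled and whether the perfc file exists, and makes both changes when run with -Apply. The -Apply switch, the variable names, and the read-only attribute on the file are assumptions of this example.

```powershell
# Added example: audit (default) or apply (-Apply) Step 2 and the perfc file.
# Covers the SMBv1 server setting only; patching (Step 1) and WMIC (Step 3)
# are not handled here.
param([switch]$Apply)

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

# --- Step 2: SMBv1 on the file-sharing (server) side ---
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    # Windows 8 / Server 2012 and later
    $smb1On = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($Apply -and $smb1On) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        $smb1On = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
} else {
    # Windows 7 / Server 2008 R2: registry value; a missing value means enabled
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $smb1On = ($val -ne 0)
    if ($Apply -and $smb1On) {
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
        $smb1On = $false   # takes effect only after a restart
    }
}

# --- Kill-switch file named in the advisory (C:\Windows\perfc) ---
$marker    = Join-Path $env:windir 'perfc'   # %windir% is normally C:\Windows
$hasMarker = Test-Path -Path $marker
if ($Apply -and -not $hasMarker) {
    New-Item -Path $marker -ItemType File | Out-Null
    # Read-only is an extra precaution of this example, not stated in the advisory
    Set-ItemProperty -Path $marker -Name IsReadOnly -Value $true
    $hasMarker = Test-Path -Path $marker
}

# One object per host, suitable for collecting across many machines
New-Object PSObject -Property @{
    Computer          = $env:COMPUTERNAME
    SMB1ServerEnabled = $smb1On
    PerfcFilePresent  = $hasMarker
    Applied           = [bool]$Apply
}
```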