Petya 2.0 Ransomware Is Dangerous, Terrifying and Effective
- By: Garry Feldman
- Date: July 10, 2017
Businesses should consider the latest round of “Petya” malware attacks a serious threat. This type of ransomware, referred to by some as “Petya 2.0,” “NotPetya,” “GoldenEye,” “PetyaWrap” and other names, can completely obliterate all of your data stored and shared across your network system.
It can also proliferate without human help thanks to a range of infiltration mechanisms. Petya 2.0 can directly instruct network-connected computers to install infected files, and it can even hunt around in system data for stored password information to gain administrator-level control.
In short, Petya 2.0 is not to be trifled with. Once it has infected your system, controlling it is extremely difficult. The best measure is prevention with the aid of an experienced Stamford, CT cybersecurity firm.
Why Petya Is Scarier Than WannaCry
After the WannaCry cyber attacks faded from the news, many businesses incorrectly thought that the worst was over. Instead, a new type of malware emerged in its wake with even more concerning capabilities.
For one, this new malware copies traits from an earlier wave of ransomware attacks in 2016 attributed to a “Petya” file. Unlike WannaCry, Petya 2.0 does not just encrypt the local files available on each computer workstation. Instead, it can encrypt the hard drive down to the sector level, preventing access even if an infected hard drive is connected to another computer.
Petya 2.0 also goes beyond the EternalBlue method of infiltration by adding two new methods of spreading to its repertoire. It can use Microsoft’s “PsExec” execution tool to remotely access workstations and perform commands within them. Through this route, the malware can copy itself manually onto other systems. Petya 2.0 needs administrator privileges to execute these actions, making access management and auditing a critical component of any cybersecurity plan.
By looking around in available system memory, Petya 2.0 can sometimes identify passwords for top-tier accounts and use them to boost access privileges. It can then run PsExec and spread from computer to computer.
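The paragraphs above tie PsExec-based spread to administrator credentials and auditing. As an added example (not part of the original post), the Python below scans service-install records (Windows Event ID 7045) for PsExec's default service name, PSEXESVC, and flags any account that installs it on several hosts within a short window. The CSV layout, host names, account names and thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: service-install events (Windows Event ID 7045) exported
# to CSV. The column layout, hosts, accounts and times are made up.
SAMPLE_EVENTS = """time,host,event_id,service_name,account
2017-07-03T10:01:05,WS-014,7045,PSEXESVC,svc-backup
2017-07-03T10:01:40,WS-022,7045,PSEXESVC,svc-backup
2017-07-03T10:02:10,WS-031,7045,PSEXESVC,svc-backup
2017-07-03T10:02:15,WS-031,7045,Print Helper,SYSTEM
2017-07-03T14:30:00,SRV-002,7045,PSEXESVC,it-admin
2017-07-04T09:12:00,SRV-007,7045,PSEXESVC,it-admin
"""


def find_psexec_fanout(csv_text, min_hosts=3, window=timedelta(minutes=10)):
    """Map each account to the hosts where it installed the PsExec service,
    if it reached at least min_hosts distinct hosts inside one time window."""
    installs = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        # PSEXESVC is PsExec's default service name on the target machine.
        if row["event_id"] == "7045" and row["service_name"].upper() == "PSEXESVC":
            when = datetime.fromisoformat(row["time"])
            installs[row["account"]].append((when, row["host"]))

    flagged = defaultdict(set)
    for account, events in installs.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the left edge forward until the span fits the window.
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {host for _, host in events[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged[account] |= hosts
    return {account: sorted(hosts) for account, hosts in flagged.items()}


if __name__ == "__main__":
    for account, hosts in find_psexec_fanout(SAMPLE_EVENTS).items():
        print(f"{account}: PsExec service installed on {len(hosts)} hosts: {hosts}")
```

A match on the default service name is one signal, not proof of compromise; legitimate administration also uses PsExec, so review flagged accounts against expected admin activity.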
An Untold Economic Impact
So far, Petya 2.0 has hit a few major organizations hard, and it shows no signs of relenting. The original infection has been traced to Ukraine, where a large tax software company first acquired the malware and appears to have accidentally embedded it in its software, which is distributed to thousands of clients around the globe.
Danish shipping company Maersk, the largest container ship operator in the world, has been brought to its knees, halting thousands of cargo transfers across the globe. U.S.-based pharmaceutical company Merck, U.K. media company WPP and hundreds of others have also been affected.
Like WannaCry, Petya 2.0 claims that it will decrypt files when a ransom is paid, but reports indicate that few, if any, users have gotten their data back. Some even speculate that Petya 2.0 is incapable of tracking which users have paid, meaning no formal system is in place to decrypt files for those who submit to the ransom.
Protect Your Company From Petya 2.0 With an Immediate Audit From a Stamford, CT Cybersecurity Firm
Your organization cannot afford to wait until it is infected. Petya 2.0 spreads fast, and no single method has been proven effective for halting its spread once a network is compromised. Infected networks can only be restored through slow, meticulous work, and recovering encrypted data has not yet been proven possible.
The only solution is a comprehensive audit of your current IT infrastructure, including your company’s practices for access management, network segmentation, program blacklists and more. Get in touch with a cybersecurity firm in Stamford, CT to begin assessing your current risks and strengthening your protections against a possible Petya 2.0-related system shutdown.