Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search

 

New ransomware campaign known as Petya

28 Jun 2017

New ransomware campaign known as Petya

First published at 9.30am
[Original version/updates]

A new ransomware campaign known as Petya is affecting computer networks using Microsoft Windows. It was first seen affecting systems in the Ukraine, but is quickly spreading across other computer networks in Europe.

To help prevent an attack, it’s critical to ensure that all systems in a network are patched. Petya gets into unpatched versions of Windows systems (XP through 2008 R2) by exploiting a vulnerability in Microsoft's Windows SMB server. If Petya enters a network through an unpatched system, it will be able to spread to any other trusted systems in the same network, even if they have been patched.

This vulnerability exploited by Petya is known as EternalBlue. Microsoft released a patch for EternalBlue, called MS17-010, in March this year.

The ransomware encrypts not only the file system on affected computers but also the Master Boot Record (MBR) in environments where the malware is able to do so.

EternalBlue vulnerability patch MS17-010 External Link/

Read more about EternalBlue External Link/

What to do

Prevention

Initial reports suggest Petya ransomware is spreading via a software vulnerability in Microsoft Windows operating systems.

• Make sure you've patched all systems in your network. Organisations using any Windows system between XP and 2008 R2 should ensure that mitigations are in place - particularly the MS17-010 Microsoft patch.

• Make sure you've backed up your system and have stored your files securely outside your network.

• If you’re not patched, consider turning the system off or disabling SMBv1 - this will stop some file sharing. These operating systems need to be either turned off or have SMBv1 disabled.

• Be careful when opening emails and clicking on links or attachments within them. They could be phishing emails that look like they've been sent by a person or organisation you know and trust.

• Ensure staff are aware of this campaign. Remind them to be vigilant about links and attachments contained in incoming emails.

Mitigation

If Petya enters your system, it will encrypt your files, blocking access to them and demanding you pay a ransom to get them back. This is what you’ll see if Petya is attempting to encrypt your files:



Source: Forbes.com

If you see this, turn your computer off, and don’t turn it on again. An IT specialist should be able to recover your files directly from the hard drive. If you turn your computer back on again and Petya encrypts them, there’s currently no way to retrieve them as the email address used in paying the ransom has been shut down.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ


© Scoop Media

 
 
 
Business Headlines | Sci-Tech Headlines

 

Fuels Rushing In: Govt "Ready To Act" On Petrol Market Report

The Government will now take the Commerce Commission’s recommendations to Cabinet...
• A more transparent wholesale pricing regime • Greater contractual freedoms and fairer terms • Introducing an enforceable industry code of conduct • Improve transparency of premium grade fuel pricing... More>>

ALSO:

Reserve Bank Capital Review Decision: Increased Bank Capital Requirements

Governor Adrian Orr said the decisions to increase capital requirements are about making the banking system safer for all New Zealanders, and will ensure bank owners have a meaningful stake in their businesses. More>>

ALSO:

Aerospace: Christchurch Plan To Be NZ's Testbed

Christchurch aims to be at the centre of New Zealand’s burgeoning aerospace sector by 2025, according to the city’s aerospace strategic plan. More>>

ALSO:

EPA: Spill Sees Abatement Notice Served For Tamarind Taranaki

The notice was issued after a “sheen” on the sea surface was reported to regulators on Thursday 21 November, approximately 400 metres from the FPSO Umuroa. A survey commissioned by Tamarind has subsequently detected damage to the flowline connecting the Umuroa to the Tui 2H well. More>>

Taskforce Report: Changes Recommended For Winter Grazing

A Taskforce has made 11 recommendations to improve animal welfare in intensive winter grazing farm systems, the Minister of Agriculture Damien O’Connor confirmed today. More>>

ALSO: