New ransomware campaign known as Petya

Wednesday, 28 June 2017, 10:11 am
Press Release: CERT NZ

28 Jun 2017

New ransomware campaign known as Petya

First published at 9.30am
[Original version/updates]

A new ransomware campaign known as Petya is affecting computer networks using Microsoft Windows. It was first seen affecting systems in the Ukraine, but is quickly spreading across other computer networks in Europe.

To help prevent an attack, it’s critical to ensure that all systems in a network are patched. Petya gets into unpatched versions of Windows systems (XP through 2008 R2) by exploiting a vulnerability in Microsoft's Windows SMB server. If Petya enters a network through an unpatched system, it will be able to spread to any other trusted systems in the same network, even if they have been patched.

This vulnerability exploited by Petya is known as EternalBlue. Microsoft released a patch for EternalBlue, called MS17-010, in March this year.

The ransomware encrypts not only the file system on affected computers but also the Master Boot Record (MBR) in environments where the malware is able to do so.

EternalBlue vulnerability patch MS17-010 External Link/

What to do

Advertisement - scroll to continue reading

Prevention

Initial reports suggest Petya ransomware is spreading via a software vulnerability in Microsoft Windows operating systems.

• Make sure you've patched all systems in your network. Organisations using any Windows system between XP and 2008 R2 should ensure that mitigations are in place - particularly the MS17-010 Microsoft patch.

• Make sure you've backed up your system and have stored your files securely outside your network.

• If you’re not patched, consider turning the system off or disabling SMBv1 - this will stop some file sharing. These operating systems need to be either turned off or have SMBv1 disabled.

• Be careful when opening emails and clicking on links or attachments within them. They could be phishing emails that look like they've been sent by a person or organisation you know and trust.

• Ensure staff are aware of this campaign. Remind them to be vigilant about links and attachments contained in incoming emails.

Mitigation

If Petya enters your system, it will encrypt your files, blocking access to them and demanding you pay a ransom to get them back. This is what you’ll see if Petya is attempting to encrypt your files:

Source: Forbes.com

If you see this, turn your computer off, and don’t turn it on again. An IT specialist should be able to recover your files directly from the hard drive. If you turn your computer back on again and Petya encrypts them, there’s currently no way to retrieve them as the email address used in paying the ransom has been shut down.

More information

If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ.

Report an incident to CERT NZ

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from CERT NZ on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

NIWA: Ship Anchors May Cause Extensive And Long-lasting Damage To The Seafloor, According To New Research

NIWA anchored their research vessel in Wellington Harbour and observed in real-time how its anchor changed the surrounding environment. Study leader NIWA geophysicist Dr Sally Watson says they saw broomstick-like scarring on the seabed.

New Zealand Customs Service: A Step Forward For Simpler Trade Between New Zealand And Singapore

The New Zealand Customs Service has signed an arrangement with Singapore that will help to make trade simpler for exporters. The Arrangement on Facilitating Safe and Efficient Trade sets out a framework for developing and strengthening practical cooperation on trade and the use of emerging technology.

Horizon Research: 68% Say Make Banks Offer Fraud Protection

68% (2,785,000 adults) believe the government should regulate to make sure banks offer fraud and cybercrime protection to customers. These are among findings of a new study, conducted in the public interest by Horizon Research, on bank fraud and cybercrime.

NZ Banking Association: Banks Seek Government Support For Anti-Scam Centre

The banking industry has asked the government to support a New Zealand Anti-Scam Centre, as part of a response to recent ministerial requests on scam prevention. In a letter to commerce and consumer affairs minister Andrew Bayly, New Zealand Banking Association chief executive Roger Beaumont asked the government to consider leading scam prevention in New Zealand.

National Road Carriers: Praises NZTA State Highway Investment Proposal Turnaround

NZTA released its State Highway Investment Proposal (SHIP) on Friday 12 April in response to the draft GPS that set out plans for 15 Roads of National Significance (RoNS) released by Transport Minister Simeon Brown on 6 March.

Greenpeace: Cameras Reveal Mass Underreporting Of Dolphin, Albatross And Fish Bycatch By Commercial Fishing Industry

The data shows that for the 127 vessels now with cameras, reporting of dolphin captures increased nearly seven fold while reported albatross interactions were up 3.5 times. The reported volume of fish discarded has increased by almost 50%.

Join Scoop Pro

Submit News

Become a Member