New Ransomware Virus — Petya
We have recently been sent a ‘Threat Advisory’ by McAfee and thought it would be beneficial to share. McAfee periodically publishes these advisories when new threats materialise; they contain behavioural information, characteristics and symptoms that may be used to mitigate or discover the threat.
There is a new variant of a Ransomware virus currently making the rounds – Ransomware-Petya.
If you have any concerns, the dedicated Frontline security team are here to help you minimise the risk of a security breach and mitigate/minimise potential losses.
Ransomware-Petya differs from regular ransomware in that, upon execution, it infects low-level disk structures (MBR [Master Boot Record], MFT [Master File Table]) and doesn’t allow the computer to boot normally. It infects the MBR and, on restart, runs its own low-level code to encrypt the MFT, which makes the drive inaccessible.
This threat is detected under the following detection name: Ransom-Petya
This malware is known to be propagated via spam emails that contain a link to a .zip file shared on Dropbox. This archive contains a .jpg photo and the actual malware executable.
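As an added illustration (not part of the McAfee advisory or of any product), the following Python sketch shows how a mail or download filter could flag the archive layout described above: a ZIP that pairs an image with an executable. The function names, extension lists and sample archives are assumptions made for this example; the samples are constructed from harmless placeholder bytes.

```python
import io
import zipfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def _ext(name):
    base = name.rsplit("/", 1)[-1].lower()
    return "." + base.rsplit(".", 1)[-1] if "." in base else ""

def inspect_zip(data):
    """Return a list of findings for a ZIP archive supplied as bytes."""
    findings, has_image, has_exec = [], False, False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext, magic = _ext(info.filename), b""
            if info.flag_bits & 0x1:  # member is password-protected
                findings.append(f"encrypted member, content not inspected: {info.filename}")
            else:
                with zf.open(info) as fh:
                    magic = fh.read(2)
            is_pe = magic == b"MZ"  # DOS/PE header, whatever the extension claims
            if ext in IMAGE_EXTS and not is_pe:
                has_image = True
            if is_pe or ext in EXEC_EXTS:
                has_exec = True
                findings.append(f"executable content: {info.filename}")
            if is_pe and ext not in EXEC_EXTS:
                findings.append(f"PE header behind '{ext}' extension: {info.filename}")
    if has_image and has_exec:
        findings.append("archive pairs an image with an executable")
    return findings

def build_sample(members):
    """Build a constructed in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: placeholder names and bytes, not the real filenames or malware.
SUSPECT = build_sample({"photo.jpg": b"\xff\xd8\xff\xe0 fake", "document.exe": b"MZ\x90\x00 fake"})
BENIGN = build_sample({"photo.jpg": b"\xff\xd8\xff\xe0 fake", "notes.txt": b"hello"})

if __name__ == "__main__":
    print(inspect_zip(SUSPECT))
```

Checking the first two bytes as well as the extension means an executable renamed to look like a picture is still reported.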
Known filenames of the photo and executable:
A number of articles are circulating that discuss how you can avoid paying, but prevention is always better than cure.
We would recommend always observing the following best practice regarding email security:
- Avoid opening attachments in emails from untrusted sources
- Avoid opening links in email and chat windows from untrusted sources, and double-check them if they are sent by a trusted connection. Sometimes an infected machine may send links to all contacts found in the email/chat application, which would appear to the destination as if coming from a trusted contact.
- Keep all of your software up to date, including your operating system, Office package, browser, and any plugins you may be using. Disable any unnecessary plugins to avoid the extra attack surface.