Annoucement of new Ransomware Virus — Petya

Minimise the risk of a security breach, mitigating/minimising potential losses by following our guide.

Speak to one of our IT experts: 0333 323 2141

Speak to an Expert

Please complete your details in our simple form and an expert from the Frontline team will be in touch to discuss your business needs.

New Ransomware Virus — Petya

We have recently been sent a ‘Threat Advisory’ by McAfee and thought it would be beneficial to share. McAfee periodically publishes these advisories when new threats materialise that contain behavioural information, characteristics and symptoms that may be used to mitigate or discover the threat.

There is a new variant of a Ransomware virus currently making the rounds – Ransomware-Petya.

If you have any concerns, the dedicated Frontline security team are here to help you ensure you minimise the risk of a security breach and mitigating/minimising potential losses.

Ransomware-Petya is different than regular ransomware in that upon execution, it infects low-level structure (MBR [Master Boot Record], MFT [Master File Table]) and doesn’t allow the computer to boot normally. It will infect MBR and on restart, it has its own low language code to encrypt MFT, which makes the drive inaccessible.

This threat is detected under the following detection name: Ransom-Petya

This malware is known to be propagated via spam emails that contain a link to a dropbox shared .zip file. This archive contains a .jpg photo and the actual malware executable.

Known filenames of the photo and executable: 

  • Bewerbungsbild.jpg
  • Bewerbungsfoto.jpg
  • Bewerbungspoto.jpg
  • Bewerbungsmappe-gepackt.exe
  • Bewerbungsunterlagen.PDF.exe
  • BewerbungsmappePDF.exe

There are a number of articles that are circulating discussing how you can avoid paying, but prevention is always better than cure.

We would recommend always observing the following best practice regarding email security:

  • Avoid opening attachments in emails from untrusted sources
  • Avoid opening links in email and chat windows from untrusted sources, and double-check them if they are sent by a trusted connection. Sometimes an infected machine may send links to all contacts found in the email/chat application, which would appear to the destination as if coming from a trusted contact.
  • Keep all of your software up to date, including your operating system, Office package, browser, and any plugins you may be using. Disable any unnecessary plugins to avoid the extra attack surface.

The dedicated Frontline security team are here to help you ensure you minimise the risk of a security breach, mitigating/minimising potential losses, see how we can help or get in contact today.

Tags:
IT Security, McAfee, Petya, Ransomware,

McAfee logo