Petya Cyber Attacks: How to protect yourself against Ransomware

Wednesday, 28 June 2017

A global Ransomware attack is again affecting computers and networks in Australia and abroad, encrypting all files on infected machines and then demanding payment before the files can be restored.

The latest attack, named Petya, uses an exploit similar to the one behind last month’s “WannaCry” outbreak. It has already affected multiple companies worldwide, taking out the servers at Russia’s biggest oil company and shutting down computers in banks, transport companies and advertising firms across Europe. US law firm DLA Piper and pharmaceutical company Merck have both reported infections, and now, as the infection spreads to Australia, local businesses have been affected, including the Cadbury chocolate factory in Tasmania.

What is Ransomware?

Ransomware is a form of malware that spreads between computers via networks and email, infecting as many machines as possible. Once activated, the program encrypts all files on an infected machine, which are then held hostage until a payment is made to the anonymous hacker, typically using an untraceable cryptocurrency such as Bitcoin.

How does it spread and how can I avoid it?

Malware spreads in a number of ways, so to protect yourself, avoid opening email attachments or web links from suspicious or unknown sources. This includes Word documents, PDFs, videos and zipped folders.

Am I protected by Anti-virus software?

The typical method anti-virus software uses to detect threats is “signature matching”: the software holds a database of known malicious scripts and programs and screens files against it effectively. However, a new or unknown variant is not always caught. Malware is purposely made hard to detect, and it usually appears benign while it infects as many computers as possible, before activating the malicious portion of its code.
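The two preceding sections can be shown together in one small attachment screener. This is an added example, not code from the original article or from any anti-virus product: it applies a file-name policy of the kind the “How does it spread” section implies (executable and double-extension attachments are refused or quarantined) and a hash-based signature check of the kind described above, then demonstrates the gap the text describes: a copy of a known-bad file that differs by a single byte no longer matches its signature. The extension lists, the sample payload bytes and the file names are all constructed for the demonstration.

```python
"""Added example (not from the original article): a minimal email attachment
screener combining an extension policy with SHA-256 signature matching, and a
demonstration of why a signature list misses a one-byte variant.
All lists, names and payload bytes are constructed for this example."""
import hashlib
from pathlib import PurePosixPath

# Constructed policy lists; a real gateway policy would be broader and tuned.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".ps1",
                      ".bat", ".cmd", ".msi", ".jar", ".docm", ".xlsm"}
# Archives are only released after their contents are inspected (not shown here).
QUARANTINE_EXTENSIONS = {".zip", ".7z", ".rar"}
# "Harmless-looking" names used in front of a second, real extension.
DISGUISE_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def extension_verdict(filename: str) -> str:
    """Return 'block', 'quarantine' or 'allow' from the file name alone.
    The last suffix decides, because that is what Windows uses to pick the
    program that opens the file (so 'invoice.pdf.exe' is an executable)."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes:
        return "allow"
    last = suffixes[-1]
    if last in BLOCKED_EXTENSIONS:
        return "block"
    if last in QUARANTINE_EXTENSIONS:
        return "quarantine"
    if len(suffixes) > 1 and suffixes[-2] in DISGUISE_EXTENSIONS:
        return "quarantine"          # e.g. 'report.pdf.xyz': a disguise deserves a second look
    return "allow"


def signature_verdict(data: bytes, known_bad: set[str]) -> str:
    """Hash-based signature matching: an exact match against known-bad digests.
    Anything not in the list is merely 'unknown', not proven clean."""
    return "block" if sha256_hex(data) in known_bad else "unknown"


def screen_attachment(filename: str, data: bytes, known_bad: set[str]) -> str:
    """Combined verdict: name policy first, then content signature."""
    ext = extension_verdict(filename)
    if ext == "block" or signature_verdict(data, known_bad) == "block":
        return "block"
    return ext                        # 'quarantine' or 'allow' (unknown content)


def demo() -> dict[str, str]:
    """Show a known sample being caught and a one-byte variant slipping past."""
    known_sample = b"<constructed stand-in for a known malicious script>"
    known_bad = {sha256_hex(known_sample)}        # the 'signature database'
    variant = known_sample + b" "                 # a new build: one byte different
    return {
        "known_sample": screen_attachment("statement.pdf", known_sample, known_bad),
        "one_byte_variant": screen_attachment("statement.pdf", variant, known_bad),
        "double_extension": screen_attachment("statement.pdf.exe", variant, known_bad),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18s} -> {verdict}")
```

The `one_byte_variant` case is the point of the anti-virus section: the content is the same malware, but the signature list has never seen this exact build, so only the name policy and the user’s own caution stand between it and execution. Signature lists are worth keeping current, but they are a floor, not a ceiling.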

As important as anti-virus software is to protect against known threats, you still need to exercise caution when opening email attachments or files from unknown sources.

What can I do to minimise my risk?

The most fail-safe method of protecting your data against Ransomware is to make regular backups and keep them offline, preferably on an external device that is disconnected from your computer once the backup is complete. If your computer is compromised, you can still access your data and avoid paying the ransom.
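An offline copy is only useful if you can tell, before you restore from it, that it is still the copy you made. The following added example (not the article’s own tooling, and not a product recommendation) writes a backup archive of a folder together with a SHA-256 manifest, verifies the archive against that manifest, and then shows the check failing once the archive has been overwritten in place, which is what an encrypted backup that stayed connected to the infected machine would look like. The folder contents are constructed in a temporary directory; the “offline drive” is just a second directory standing in for the external device.

```python
"""Added example (not from the original article): back up a folder to an
archive plus a SHA-256 manifest, verify the archive before restoring, and
show verification failing after the archive is overwritten.
The folder contents and paths are constructed for this example."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path

CHUNK = 64 * 1024


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return digest.hexdigest()


def create_backup(source: Path, dest_dir: Path, name: str = "backup") -> tuple[Path, Path]:
    """Write <name>.tar.gz and a manifest holding the archive hash plus the
    hash of every file in it (paths relative to the source's parent folder)."""
    archive = dest_dir / f"{name}.tar.gz"
    manifest = dest_dir / f"{name}.manifest.json"
    files = {p.relative_to(source.parent).as_posix(): file_sha256(p)
             for p in sorted(source.rglob("*")) if p.is_file()}
    with tarfile.open(str(archive), "w:gz") as tar:
        tar.add(str(source), arcname=source.name)
    manifest.write_text(json.dumps({"archive": archive.name,
                                    "archive_sha256": file_sha256(archive),
                                    "files": files}, indent=2))
    return archive, manifest


def verify_backup(archive: Path, manifest: Path) -> bool:
    """Pre-restore check: does the archive still match the hash recorded when it
    was written?  An archive overwritten or encrypted since then fails here,
    before any extraction is attempted."""
    recorded = json.loads(manifest.read_text())
    return file_sha256(archive) == recorded["archive_sha256"]


def restore_and_verify(archive: Path, manifest: Path, restore_dir: Path) -> bool:
    """Extract the archive and confirm every file hashes to its manifest entry."""
    recorded = json.loads(manifest.read_text())
    restore_dir.mkdir(parents=True, exist_ok=True)
    with tarfile.open(str(archive), "r:gz") as tar:
        try:
            tar.extractall(restore_dir, filter="data")   # safe-extraction filter (3.12+, backported)
        except TypeError:                                 # older Python without 'filter'
            tar.extractall(restore_dir)
    return all((restore_dir / rel).is_file() and file_sha256(restore_dir / rel) == digest
               for rel, digest in recorded["files"].items())


def demo() -> tuple[bool, bool]:
    """Build a constructed folder, back it up and verify it, then overwrite the
    archive in place and show the verification failing."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "documents"
        (source / "projects").mkdir(parents=True)
        (source / "notes.txt").write_text("quarterly notes (constructed sample)\n")
        (source / "projects" / "plan.csv").write_text("task,owner\nbackup,ops\n")
        offline_drive = root / "offline_drive"            # stands in for the external device
        offline_drive.mkdir()

        archive, manifest = create_backup(source, offline_drive)
        ok_before = verify_backup(archive, manifest) and \
            restore_and_verify(archive, manifest, root / "restore")

        # A backup that stayed connected may end up like this: the archive has
        # been replaced with unreadable bytes.  The manifest check catches it.
        archive.write_bytes(os.urandom(512))
        ok_after = verify_backup(archive, manifest)
    return ok_before, ok_after


if __name__ == "__main__":
    print(demo())   # (True, False)
```

Two practical points follow from the design. The manifest (or at least its hash) should live somewhere the archive does not, for example printed in the backup log or stored on a second device, because anything that can rewrite the archive can rewrite a manifest sitting beside it. And the verification is exactly the step to run when the device is reconnected for the next backup: if yesterday’s copy no longer verifies, the machine it was plugged into is suspect.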

What happens if my computer is infected?

If your computer is infected by this particular strain of ransomware, the process will be as follows.

  1. The malware script is executed (typically from an email attachment).
  2. After a randomly determined time period, the computer will shut down, typically showing a “blue screen” error.
    If you experience an error such as this and suspect malware, TURN OFF your computer and DO NOT RESTART. Contact your IT company before restarting the machine.
  3. Upon reboot a fake CHKDSK screen will pop up indicating that it is repairing your disk. This is NOT the case: the malware is actually performing full disk encryption.
  4. Once encryption is complete, the following screen will display, demanding a ransom to release the user’s files.

How can I recover my files?

Unfortunately, if you see the screen above, your files have already been encrypted. At this time, there is no available decryption method. Even if you have recent back-ups, you should contact your IT provider to determine the next step in recovering your data.

If your business has been held ransom or you would like to set up a backup or disaster recovery plan you can contact Xtreme on +61 (07) 5531 4816.

