How to protect your PC against Petya
Following the WannaCry attack in May, there’s a new ransomware spreading across the world: Petya. Ransomware stops you from accessing any files on the ‘infected’ computer until you pay the ransom. Here we explain what you need to do to protect your precious data.
As with WannaCry, it’s businesses that are suffering the most from this latest attack, seemingly having failed to install the necessary patches to fix the vulnerability – the same one Petya is using now.
The new ransomware is being called NotPetya or GoldenEye. That’s because Petya was first seen in 2016, but it appears to have been re-released with better encryption and – according to reports – no similar flaws to WannaCry which allowed it to be halted in its tracks.
What is ransomware?
It’s a malicious program that’s like a computer virus. It’s designed to scan your hard drives and encrypt as many files as it can so you can’t access them. The files are still there and you have to pay a sum – the ransom – in order to get your files back. This is usually done via Bitcoin, as it’s anonymous.
Sometimes, manual human intervention is required of the hackers to decrypt your files once you’ve paid. But since you’re dealing with criminals, there’s no reason to think they will do what they promise. So most experts recommend you don’t pay.
New wave of malware
WannaCry was stopped but the group responsible for leaking the vulnerabilities – Shadow Brokers – had already said it would leak more in June. A Reuters report outlines the blog post from the group which says it is “setting up a monthly data dump” that it will sell to anyone willing to pay.
It says that the exploits will enable criminals to code malware that will break into Web browsers, phones, routers and Windows 10 systems. However, you can use these tips to help keep your computers and files safe.
How does Petya work?
Like a lot of malware, it can arrive as an e-mail attachment. This method relies on computer users opening the attachment, or clicking on a link in an e-mail, which causes the program to run.
People often open these attachments or click links out of curiosity, because the sender is someone in their address book. So the best advice is not to open anything you don’t completely trust.
Petya then encrypts all the files and documents on the computer so the user cannot open them.
Some people say that it encrypts only the first 1Mb of data in each file, which could allow most data to be recovered large files.
Which versions of Windows are affected?
In general, home users should not be affected by this particular piece of ransomware. It exploits the same EternalBlue vulnerability as WannaCry. Microsoft issued a patch for all versions of Windows which were supported at the time back in March 2017.
Since Windows defaults to installing updates automatically, the patch should already be installed. The security update would have protected Windows Vista, Windows 7 and Windows 8.1 systems which had automatic updates turned on.
If your computer runs Windows 10, it should be protected, too.
The EternalBlue vulnerability relates to computers running the business version of Windows, specifically those using the SMB network file system. This is why we’re hearing that companies such as pharmaceutical giant Merck and logistics company Maersk have been hit by this new wave.
At the time of the WannaCry attack only older versions of Windows which are no longer supported were vulnerable, including Windows XP and Windows 8.
Microsoft issued a security patch for Windows XP and Windows 8 – a very unusual step for unsupported operating systems – which you can download from the links on Microsoft’s blog.
How can I protect my files from WannaCry?
If you have Windows Update enabled on other versions then you will already be protected against WannaCry, NotPetya and any other attacks which use the same vulnerability.
If you’re not sure, then open the Control Panel (you’ll find a link in the Start menu) and search for Windows Update. Click through to Windows Update and you’ll be able to check if it’s enabled or not.
There should be a button ‘Check for updates’ which you can click to force Windows to search and install critical updates.
But don’t stop there, sit back and consider you’re safe.
The best protection is to have at least one (if not two) copies of any files you can’t afford to lose. Photos, home videos, financial documents and other files that can’t be replaced should be backed up regularly.
Ransomware is often clever enough to scan your home network and infect other computers and even network storage drives (NAS drives) so it’s really important to make a backup on a USB stick or external hard drive that you disconnect and keep safely somewhere.
Don’t open attachments
You, as the computer user, are often the weak link in the chain. Windows and antivirus software can help to protect you from ransomware attacks, but you can help yourself by being extremely cautious about which email attachments you open and which links you click.
Typically, e-mails from hackers won’t contain a personal message, or it will be so generic that you can’t be sure it’s really from the person in the ‘sender’ field.
In WannaCry’s case, at least some of the emails pretended to be an important email from a bank about a money transfer.
Either just delete the e-mail, or call the sender and ask them if they sent the e-mail and what is in the attachment, or on the other end of the link. Unless you are absolutely sure the attachment is safe, don’t click on it.
Won’t antivirus software protect me from WannaCry?
Most but not all antivirus software now contains ‘anti-ransomware’ that should help protect your PCs and laptops from WannaCry and other ransomware.
That’s why it’s important not to rely just on Windows’ own security but to add an extra layer of protection.
My PC is infected with ransomware. What should I do?
First, don’t pay the ransom. It only encourages the criminals – getting paid is their end game. And there’s no guarantee you will get your files back even if you do pay.
If you have a backup of your files, you may be able to restore your machine to factory settings using a hidden recovery partition. Or it might be a case of reinstalling Windows. Then you’ll have to reinstall your apps and copy over your backed-up files.
IDG News Service