From June 27, 2017, the next virus attack has begun to strike on information systems and networks of countries around the world. The threat called "Petya" is another form of "Wannacry" ransomware malware and is considered to be more dangerous (more information about ransomware is in this link https://www.cert.az/en/news/2016/name78 . Thus, ransomware-type malware posed a serious danger to information systems of world’s major companies, banks, critical infrastructures.
Petya disconnects users' computers after being infected, requiring $ 300 for connecting it back.
The malicious software, like “Wannacry”, is distributed in Windows operating system using a gap that is in the SMB protocol (Server Message Block). Unlike other types of ransomware, Petya does not encrypt files in an order, on the system. Petya reboots the victim’s computer, encrypts MFT (the hard drive's master file table) and restricts access to the system as a whole.
The following Microsoft operating systems are vulnerable and Microsoft has released an update called "Microsoft Security Bulletin MS17-010 - Critical" on March 14, 2017 to address the vulnerability identified:
- Windows 10
- Windows RT 8.1
- Windows 8.1
- Windows 7
- Windows XP
- Windows Vista
- Windows Server 2016
- Windows Server 2012 and Windows Server 2012 R2
- Windows Server 2008 and Windows Server 2008 R2
- Windows Server 2003
Petya also spreads via email "phishing". Therefore, documents from unknown persons should not be opened and links should not be clicked.
To be safe from danger, the Cyber Security Center provides the following recommendations to computer users:
- Disable SMBv1;
- Instant update (download and installation of "patch") to remove existing gaps in Windows operating systems on your computer and information systems;
- Do not click on the unknown files sent via e-mail and access link to any other source you do not know;
- Create backups of important documents;
- Make sure you have a current and an active antivirus database antivirus;
- If you do not use any antivirus software, use the Microsoft Defender antivirus software;
- Check the infections that may be available on your computer with the antivirus software;
- Follow the safety rules when using the Internet;
- Apply to the Center if there is a need for counselling about infection or methodological support.
If you have already faced this threat, you should call the Cyber Security Center 1654 hotline or write mail to team@cert.az.