Download the free scanner to scan your computer
The analysis by K7 Computing’s Threat Control Lab states that PETYA is not a new ransomware but; the way in which it spreads is new. PETYA, which has created havoc in Europe, Ukraine and Russia has an element of similarity with the famous ‘WannaCry’ ransomware which has been the most deadly and successful ransomware attack in history. PETYA is exploiting the same EternalBlue exploit that was used by Wannacry attack. ‘WannaCry’ had hit the consumers and enterprises alike in May 2017.
Similar to WannaCry, PETYA encrypts data and offers to decrypt it for a price. However, according to the K7 Threat Control Lab., unlike WannaCry, Petya not only encrypts files on the disk but also a part of the Master Boot Record, preventing the ability to login without paying the ransom.
PETYA leverages a critical SMB vulnerability with remote code execution options, MS17-010, to distribute itself. The exploit is commonly referred to as “EternalBlue”. It is also possible that Petya can arrive via email as a malware attachment. Interestingly Petya also uses a remote execution tool called PsExec to attempt to spread on the network even to patched computers and those running Windows 10 without the users’ knowledge.
Note, many believe that PETYA’s intention was never to seek ransom but was to destroy data in a non-retrievable way. We don’t know why but it’s highly unlikely that even paying the ransom would result in the data being retrieved. Furthermore, the email address they provide for communication was taken down within a few hours on Tuesday so there’s no way to communicate with the perpetrators.
As a leading player for over two decades, K7 Computing considers it to be its prime responsibility to use its expertise and capabilities for the benefit of those who are affected by such attacks. Therefore, K7 Computing has updated the free scanner to scan, detect and remove the latest ransomware that had been affecting users across the globe including; PETYA, WANNACRY and Fireball (an unwanted program which was launched in May 2017).
The free scanner does not need to be installed and it can also run directly from a USB pen drive. It is designed to work with any other antivirus product on both consumer and enterprise environments.
The K7 Threat Control Lab also ensured that the users of K7 Security products are safe against PETYA and WannaCry. This is because K7 security products contain a state-of-the-art heuristic anti-ransomware feature which protects users against a wide variety of in-the-wild ransomware, including WannaCry.
Recommended preventive action:
- Clean your system with the K7 Petya and WannaCry Scanner to remove infected files, thus preventing further infection, spread and damage.
- Update/install all OS updates/patches. Microsoft has released patches even for the no-longer-supported XP considering the magnitude of this attack. (links to the latest patches are available at www.k7computing.com)
- Avoid pirated OS
- Use a good up-to-date security software (generally not free)
- Keep yourself updated on the latest security issues and solutions
