Petya Ransomware Spreading Faster Than Any Previous Infection
A newly released version of Petya ransomware is spreading across the globe at an alarming rate. Like WannaCry before it, it takes advantage of weaknesses in Windows operating systems discovered by the NSA and subsequently leaked by hackers onto the dark net. Microsoft had already issued patches for those vulnerabilities, but if you have not yet applied the patches, it may already be too late.
Petya is spreading so fast that your computer may actually be infected in the time it takes to download and install the patch!
Unlike WannaCry, which encrypted important user files but left the computer operational, the Petya ransomware encrypts all your files and then locks up your entire computer. Except for displaying the ransom payment instructions, this ransomware does not allow anything else to be done on the computer.
Technically knowledgeable users are advised to turn off their vulnerable computers and block port 445 on their network router. If you have a protected computer from which you can download the Microsoft patches and/or anti-ransomware software that prevents encryption of the Master Boot Record (MBR), you should do that and transfer the downloads via USB stick to the vulnerable computer, which should be updated before it is reconnected to the internet.
Read an online report of the recent outbreak from CNET, and get more detailed information about mitigation from here. If you need help dealing with this outbreak, contact your IT administrator or computer security provider.
IMPORTANT UPDATE – A VACCINE HAS BEEN CREATED
Security researchers analyzing the virus have found a vaccine that will prevent the virus from scrambling your files. Download and run this batch file from the BleepingComputer website. This batch file will create a read-only file named perfc in the C:\Windows folder of your computer. If you don’t trust external links and would prefer to create the perfc file yourself, you may follow the instructions in this blog post. If the Petya virus detects the existence of this perfc file, it stops working.
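The manual step described above, as an added PowerShell example (it is not the BleepingComputer batch file and not taken from the blog post mentioned). It assumes an elevated PowerShell prompt and uses only the file name and folder given above; the function name Set-PerfcVaccine is hypothetical.

```powershell
# Added example: create the read-only "perfc" marker file described above.
# Set-PerfcVaccine is a hypothetical helper name, not part of any tool.
function Set-PerfcVaccine {
    param(
        # Folder from the article: C:\Windows (resolved from the environment).
        [string]$Folder = $env:windir
    )

    # Writing into the Windows folder requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated (Administrator) PowerShell prompt."
    }

    $path = Join-Path $Folder 'perfc'

    # A directory with the same name is not the marker the article describes.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory; remove or rename it first."
    }

    # Create the empty file only if it is missing, so re-running is harmless.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Mark it read-only, then read the attribute back to confirm.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    $file = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Path     = $file.FullName
        Exists   = $true
        ReadOnly = $file.IsReadOnly
    }
}

Set-PerfcVaccine
```

The returned object should show ReadOnly as True; the file does not replace installing the Microsoft patches.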
Jack Eisenberg is the owner of Safe and Secure Computing and regularly monitors cyber security developments such as this one.