Another Ransomware attack, the Petya or Petrwarp, is spreading across the globe hitting a number of high-profile organizations, government agencies, public utilities and transportation networks in the United States and Europe.
The virus downed systems monitoring radiation at the site of the former Chernobyl nuclear power plant and cross-country ATMs in Ukraine. Russia’s leading oil company, Rosneft, was also affected. The attack also spread as far as India and the United States where the computer network of pharmaceutical giant, Merck, was compromised as part of the attack.
Within hours the attack had spread in a manner similar to last May’s WannaCry Ransomware attack. The hacks targeted banks, government ministries and other important companies and infrastructures, demanding ransoms in the crypto-currency, Bitcoin.
Ooops, your important files are encrypted!
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service” – read the message on Petya-affected machines.
The Petya Ransomware demanded $300 worth of Bitcoin currency to decrypt the files much like its predecessor, WannaCry.
The attack comes a month after the WannaCry hit nearly a quarter-million machines worldwide. Although it was largely contained few days following the attack, WannaCry has continued to resurface here and there. Last week, a Honda-manufacturing facility in Japan was hit by WannaCry.
This new global pandemic is the latest evidence that we are in the Ransomware era, with widespread cyber-attacks becoming the new norm. This is also a reminder that a robust data protection and disaster recovery strategy is crucial to keep your files and data safe.
How to protect yourself from Petya and other Ransomware variants
Keeping your systems up-to-date is the first line of defense. Many of the WannaCry-victims would have been protected had they installed a patch released by Microsoft two months earlier. That should be followed by an antivirus software that can detect and quarantine malware. Unfortunately however, Ransomware appears to elude all detection methodologies because:
- Ransomware developers often encrypt their software to elude detection.
- Ransomware developers research antivirus solutions to find weakness holes they can use to escape discovery.
- Many strains are zero day exploits that are unknown to signature based antivirus software vendors. Ransomware software exploits these security holes without the antivirus knowledge.
Ultimately your best protection solution against Ransomware software is a strong backup. The StoneFly DR365™ disaster recovery (DR) site in a box is a complete datacenter backup solution appliance for all physical and virtual servers that is integrated with automated business continuity on premises to any remote datacenter, private or public cloud. There is a little to worry about if you are hit by an attack, because you have secure, safe copies of your files that Ransomware can’t get to. The DR365™ is the only datacenter backup appliance that comes with automated offsite backup connection to Microsoft Azure Cloud or Amazon AWS Cloud depending on the user choosing.
The StoneFly DR365™ offers a turnkey, cost-effective data protection solution that protects against Ransomware and its variants. Cloud storage volumes and backup copies which Ransomware softwares target to sabotage any data restoral efforts are protected – Only the user data and backup can get to the storage volumes and no Ransomware can get to users’ data. The DR365™ site in a box appliance comes integrated with active protection feature which detects and blocks Ransomware attacks that evade the signature based defenses of antivirus softwares.
Conclusion
Like WannaCry before it, the Petya Ransomware is sure to come and go. Those affected by it will surely learn their lesson and strengthen their data-protection and business continuity strategy with strong backup solution like the StoneFly DR365™. If you do not already back up your data, you should do the same as Ransomware attacks are only going to become more common and more sophisticated in years to come.