By Adrian M. Reodique
June 29, 2017
Some companies in the Asia Pacific (APAC) region have also reportedly been affected by the ransomware.
How is Petya/NotPetya similar to or different from WannaCry?
The Petya/NotPetya ransomware has its fair share of similarities to, and differences from, the WannaCry ransomware.
Both ransomware strains use the EternalBlue exploit to infect Windows systems that have an unpatched Server Message Block (SMB) vulnerability, and both encrypt victims' files.
However, some vendors believe the new ransomware attack is targeted.
"Unlike the recent WannaCry attack, this one appears to be targeted - it doesn't spread over the internet from infected victims to the majority of internet users. Instead, it is being snuck into businesses [before being] rapidly spread within, to do damage to the business and its supply chain," said Dave Palmer, director of technology at Darktrace.
Steve McGregory, senior director of Application Threat Intelligence at Ixia, echoed Palmer. "It appears to be a targeted and coordinated attack using multiple ransomware families and multiple vectors. This has enabled the attack to avoid detection, and to be difficult to replicate for researchers."
The new ransomware is also said to be more dangerous than WannaCry. As stated earlier, the new malware locks up both the files and the master file table (MFT) for partitions, and also overwrites the master boot record (MBR).
Besides that, it is more difficult for victims to unlock and retrieve their files and restore their systems, as paying the ransom is no longer an option. "By paying the ransom to WannaCry, files could be unencrypted. [However,] the construction of the Petya-variant's code [has shut down] the method of communication to receive the key. [Since] victims cannot receive an unencryption key, obtaining unencrypted files is now much more problematical for them," said Matthew Moynahan, CEO of Forcepoint.
How can organisations avoid becoming victims of this and future ransomware?
In light of Petya/NotPetya, security technology providers offer seven pieces of advice that will help organisations avoid falling prey to this and future ransomware.
1. Install the latest software updates and patches
Computers that do not have the latest security updates are the most vulnerable to security threats.
"The bad guys know about weaknesses in the software on your PC before you do. And they try to use them to get on your machine... This attack searches for and exploits a vulnerability in Microsoft Windows operating systems. Computers that do not have the latest Windows security updates applied are at risk of infection," said Nick Savvides, security advocate at Symantec in Asia Pacific and Japan (APJ).
Organisations must also ensure that their systems are fully patched, and that proper security solutions are being used to prevent the spread of the virus across the network, said Nick FitzGerald, Senior Research Fellow at ESET.