Petya Virus, What is It? How Does it Differ From Normal Ransomware? How Can I Protect Myself?
If you’ve been hiding under a rock as of late you may not have heard that the Petya Virus has been wreaking havoc among computer systems. However, unlink traditional ransomware that only encrypts data and holds the data for ransom upon payment of a fee which provides an unlocking code, Petya does not encrypt but DESTROYS data.
This truly is a super villain, “Some people just want to watch the world burn Mr Wayne.” (Batman quote if you were wondering)
Machines targeted by Petya are those not yet updated with the WannaCry Ransomware update. (Read more here). This virus spreads via email when the attachment of an email infected with the virus is opened. Once opened this little nasty gets to work it uses a “Pass the Hash” attack and steals passwords and starts infecting and spreading through the computers within the domain.
How do I protect myself?
Best practices to avoid such infections like these are to never open suspicious emails from unidentified sources. Check the source of the email, this can be done by checking the email address in which it was sent from. If the display name is AusPost however, the email was sent from [email protected] you can be sure it’s not Australia Post trying to let you know your parcel delivered. Never open attachments with .scr, .exe, .js and .vbs extensions. All these extensions are executable programs that could infect your machine. If any email is directing you to an external page, hover the mouse over the link it will display the URL where the redirection is taking you. Again, if AGL has sent you a bill but the link to view the bill is taking you to ann-my-sharepoint.files/data you can be sure it is not AGL a correct link would display agl.com.au/myaccount/overdue or something along those lines. The URL’s must coincide with the company’s domain name if legitimate.
Business clients on our Managed Services are at an extremely low risk of infection, due to regular patch updates and other security features we provide as part of the service but please still avoid suspicious emails.
Customers on our Monitored Antivirus System are at a Low risk due to security services provided, however if you’d like to book in a time to ensure all patches are up to date please email or call us to arrange a time to audit your patch management and ensure everything is up to date.
If you currently don’t have either of these services but wish to ensure your system is secure and reduce your risk of infection please feel free to email us at [email protected] or call 1300 940 083 to discuss security enhancements with your technician.