Petya Ransomware: The ‘Crypt’ that has crippled systems worldwide

Even before institutions could recover from the destruction and shock of the ‘WannaCry’ ransomware attack, a new ransomware named ‘Petya’ has emerged. It has mainly hit systems of the Ukrainian government, and many organizations in Ukraine have reported similar infections. Several prominent Ukrainian banks, such as the National Bank of Ukraine and Oschadbank, have reportedly been affected. The compromised systems of the Kiev metro and Kiev’s Boryspil Airport are reported to be among the worst hit.

India has not been spared either, nor have Russia, Spain, France and the U.K. Several Indian subsidiaries of Russian and U.K.-based oil and gas, energy and aviation companies have been affected by ‘Petya’.

Impact on India:

Operations at the Gateway Terminal of the Jawaharlal Nehru Port, which is run by the Maersk-owned APM Terminals, have also been disrupted by this ransomware. The disruption at the Jawaharlal Nehru Port has been confirmed by its deputy chairman, Neeraj Bansal.

Petya works broadly the way any other ransomware does: it infects the system, encrypts the data on it and demands a ransom, payable in Bitcoin, for the decryption key. What sets it apart is that it does not stop at user files. It also overwrites the Master Boot Record (MBR) with its own boot code and, after forcing a reboot, encrypts the Master File Table, so the machine can no longer boot into Windows at all.

How the attackers lost the plot mid-way:

In the current attack, a ransom of $300 in Bitcoin was demanded for the key to the data held hostage. The attackers’ only channel for collecting proof of payment and handing out keys was a single email address, and shortly after the attack began that address was shut down by its provider, leaving victims with no way to recover their data even if they paid. It has been widely concluded that such an amateurish payment setup suggests the attack was aimed at disrupting systems rather than at making money.


Steps to ensure safety:

Patch the SMB vulnerability: Petya’s worm component spreads over the same SMBv1 flaw that WannaCry used. Microsoft fixed it in the MS17-010 update released on March 14, 2017, and later issued emergency patches for otherwise unsupported Windows versions. Users are strongly advised to install the patch as soon as possible.

Block the attackers’ email address: Block wowsmith123456@posteo.net, the contact address given in the ransom note, at the mail gateway.

Block domains: Administrators and users should make sure the following domains and URLs are blocked. The .onion addresses are reachable only over Tor, so they are best blocked at the proxy or by blocking Tor egress altogether.

http://mischapuk6hyrn72.onion/
http://petya3jxfp2f7g3i.onion/
http://petya3sen7dyko2n.onion/
http://mischa5xyix2mrhd.onion/MZ2MMJ
http://mischapuk6hyrn72.onion/MZ2MMJ
http://petya3jxfp2f7g3i.onion/MZ2MMJ
http://petya3sen7dyko2n.onion/MZ2MMJ
http://benkow.cc/71b6a493388e7d0b40c83ce903bc6b04.bin
COFFEINOFFICE.XYZ
http://french-cooking.com/

Block IPs: Administrators should block the following IP addresses at the perimeter and host firewalls:

95.141.115.108
185.165.29.78
84.200.16.242
111.90.139.247

Update anti-virus: Make sure endpoint anti-virus signatures are current.

Disable SMBv1: Even after installing the patch, disable the Server Message Block version 1 (SMBv1) protocol, which was enabled by default on the Windows versions of the time, to reduce exposure to Petya and similar worms. Modern Windows and Samba clients negotiate SMBv2 or SMBv3, so only legacy devices should notice.

Back up your files regularly: Keep a backup routine in place that copies files to an external storage device that is not permanently connected to your computer; a backup drive that stays mounted is encrypted along with everything else.

Unsupported Windows versions: If you still run a Windows version that is out of support, apply the emergency patch Microsoft released for those versions, or better, upgrade to a supported operating system.

Block risky attachment types (executables, scripts and macro-enabled Office documents) at the mail gateway.

Disable Remote Desktop connections where they are not needed.

Follow safe practices when browsing the web.
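The host-side steps above (patch check, disabling SMBv1, blocking the listed IPs and domains) can be scripted. The following PowerShell is an added example written for this page; it is not code from the original article or from any vendor advisory. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later (the Smb*, WindowsOptionalFeature and NetFirewall cmdlets are not available on older releases), and the KB list it checks is illustrative: MS17-010 ships under a different KB per OS and servicing branch, so confirm the right one for each build against the bulletin.

```powershell
# Added audit/hardening script for the Petya SMBv1 vector described above.
# Not part of the original article. Run in an elevated PowerShell session on
# Windows 8.1 / Server 2012 R2 or later. The KB list and indicator lists are
# illustrative; keep them aligned with the MS17-010 bulletin and current IOCs.

$ErrorActionPreference = 'Stop'

# --- 1. Patch check: MS17-010 (March 14, 2017) closes the SMBv1 bug the worm abuses.
# KB numbers differ per OS and servicing branch (assumed, incomplete list).
$ms17010Kbs = 'KB4012212','KB4012215','KB4012213','KB4012216',
              'KB4012214','KB4012217','KB4012598','KB4013429'
$installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Host "MS17-010 present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning 'No MS17-010 KB from the list found; verify against Windows Update history before treating the host as unpatched.'
}

# --- 2. Disable SMBv1 even on a patched host (step "Disable SMBv1" above).
$cfg = Get-SmbServerConfiguration
if ($cfg.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Host 'SMBv1 server protocol disabled.'
}
# Client side: the SMB1Protocol optional feature (mrxsmb10 driver). Needs a reboot.
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
if ($feat.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    Write-Host 'SMB1Protocol feature disabled (reboot required).'
}

# --- 3. Block the listed IP addresses in both directions with host-firewall rules.
$blockedIPs = '95.141.115.108','185.165.29.78','84.200.16.242','111.90.139.247'
foreach ($ip in $blockedIPs) {
    $name = "Petya-IOC-$ip"
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Outbound -Action Block -RemoteAddress $ip | Out-Null
        New-NetFirewallRule -DisplayName "$name-in" -Direction Inbound  -Action Block -RemoteAddress $ip | Out-Null
    }
}

# --- 4. Domain names cannot be blocked by the Windows firewall directly; a hosts-file
# sinkhole is the host-level stand-in for the clearnet names in the list. The .onion
# names never resolve through DNS, so they must be blocked at the proxy/Tor egress.
$sinkhole = 'coffeinoffice.xyz','french-cooking.com','benkow.cc'
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$current = Get-Content $hostsPath
foreach ($d in $sinkhole) {
    if (-not ($current -match "\s$([regex]::Escape($d))\s*$")) {
        Add-Content -Path $hostsPath -Value "0.0.0.0 $d"
    }
}

# --- 5. Report what is still listening on the SMB port so exposure is visible.
Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State
```

Run it once per host and re-run after patching; the patch check is deliberately only a warning, because a missing KB from this short list does not prove the host is unpatched, it only means the script did not recognise the KB for that build.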