Today June 27, 2017 many Europian countries are reporting to have been hit by Petya / NoPetya ransomware. This was first reported in Ukraine. Its other name is wowsmith123456@posteo.net virus.
This ransomware encrypts files on a target computer and asks for ransom in form of Bitcoin. Several transactions have been reported to the associated Bitcoin wallet. This ransomware uses EternalBlue vulnerability and is from PetrWrap family. This is specially very dangerous because encryption keys are generated by hackers and decoding them is almost very difficult.
How to restore Petya ransomware infected computer:
CDSBureau is working on finding ways to restore infected computer. But here are a few instructions:
- Restore your data from a previous back-up.
- After restoring the data, scan computer for viruses/malwares and delete all infected files.
- Run all OS updates.
Preventing a Ransomware/Malware Attack:
CDSBureau recommends the following to stay safe from malware attacks:
- Apply security updates as soon as possible.
- Don’t allow users to access internet using accounts with administrator privileges.
- Ask users to not open email attachments without scanning.
- Ask users not to click unknown internet links.
- Always use anti-virus software on all computers and keep anti-virus software current.
- Take backup of your data periodically and verify the backup.
- Audit installed software on computers, endpoints, nodes, and servers.
- Use security solution that uses behavior based detection.
Contact CDSBureau for more information.