
New Ransomware attack takes down businesses all over the world!

Less than seven weeks after the massive WannaCry attack, another ransomware worm made its way around the world today (June 27).

The ransomware may be "the worst worm ever seen," according to one expert. There was evidence that it was tied to tax-collection software that the Ukrainian government requires be installed on every workplace computer in the country.

Here is a list of companies infected around the world so far:

  • Advertising giant WPP

  • Government departments in Ukraine

  • Dutch logistics firm Maersk

  • Kiev airport

  • Russian oil firm Rosneft

  • Mondelez, the confectionery firm which owns Cadbury, has also reported IT issues

  • The Madrid office of law firm DLA Piper

  • US pharmaceutical firm Merck

  • There’s an early report suggesting the Ukrainian nuclear plant Chernobyl has “switched to manual” radiation monitoring due to the attack

How Does 'Petya' Ransomware Spread?

If the malware gets onto a single machine in an enterprise network, it scans the machine for Windows administrative usernames and passwords. It then uses two Windows administration tools, called PsExec and WMIC, to infect all the machines it can — which will include many home machines connected to the enterprise server via VPN.
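
The spreading pattern described above, one machine using PsExec and WMIC against every host it can reach, appears in process-creation logs as a single source running remote commands against many targets in a short time. The following detection sketch is an added example, not code from the original article; the log records, host names, five-minute window and threshold of three are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records: (timestamp, source host, command line).
# Generic admin-tool invocations for illustration, not taken from the malware.
SAMPLE_EVENTS = [
    ("2017-06-27T09:00:00", "ADMIN-01", r"psexec.exe \\SRV-01 -s ipconfig"),
    ("2017-06-27T10:00:01", "WS-014", r"C:\tools\psexec.exe \\WS-015 -s hostname"),
    ("2017-06-27T10:00:40", "WS-014", r"psexec.exe \\WS-016 -s hostname"),
    ("2017-06-27T10:01:15", "WS-014", r'wmic.exe /node:"WS-017" process call create "hostname"'),
    ("2017-06-27T10:02:00", "WS-020", r"wmic os get caption"),  # local query, no remote node
    ("2017-06-27T11:30:00", "ADMIN-01", r"psexec.exe \\SRV-02 -s ipconfig"),
]

# PsExec names its remote target as \\HOST; WMIC names it as /node:HOST.
PSEXEC = re.compile(r"\bpsexec(?:64)?(?:\.exe)?\b.*?\\\\([\w.-]+)", re.I)
WMIC = re.compile(r'\bwmic(?:\.exe)?\b.*?/node:"?([\w.-]+)', re.I)


def remote_target(cmdline):
    """Return (tool, target host) for a remote PsExec/WMIC invocation, else None."""
    for tool, pattern in (("psexec", PSEXEC), ("wmic", WMIC)):
        match = pattern.search(cmdline)
        if match:
            return tool, match.group(1).lower()
    return None


def fan_out_alerts(events, window=timedelta(minutes=5), threshold=3):
    """Map each source host to its targets if it reached `threshold` or more
    distinct remote hosts inside any single `window`."""
    per_source = defaultdict(list)
    for ts, source, cmdline in events:
        hit = remote_target(cmdline)
        if hit:
            per_source[source].append((datetime.fromisoformat(ts), hit[1]))
    alerts = {}
    for source, hits in per_source.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            targets = {host for when, host in hits[i:] if when - start <= window}
            if len(targets) >= threshold:
                alerts[source] = sorted(targets)
                break
    return alerts


if __name__ == "__main__":
    for source, targets in fan_out_alerts(SAMPLE_EVENTS).items():
        print(f"{source}: remote execution against {len(targets)} hosts: {targets}")
```

An administrator who touches one server at a time (ADMIN-01 in the sample) stays below the threshold, while the workstation that fans out to three hosts in about a minute is flagged.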

Suggested Fix?

Late Tuesday, Israeli researcher Amit Serper with the Boston-based company Cybereason said that he might have found a "kill switch" within Petya's code.

"I found a way to stop the malware," Serper tweeted. "Create a file in c:\windows called perfc with no extension and #petya #Nopetya won't run!"

How to protect yourself?

If you're a home user, make sure your Windows computers have installed at least the April 2017 Windows Update security-patch bundle from Microsoft. If you're not sure, go to Control Panel (Windows 7) or Windows Settings (Windows 8, 8.1 or 10), open Windows Update or Updates and Security, and check for recent patches. Updating the machine fully will provide some degree of protection against today's ransomware worm.

You should also run antivirus software. As of 5:30 pm ET, 39 different antivirus brands detected the ransomware, including Avira, Bitdefender, ESET, Kaspersky, McAfee, Panda, Symantec/Norton and Trend Micro.

You should also back up all of your computers and mobile devices regularly, preferably daily, to both external hard drives and cloud-based backup services.

Then, if your files are locked up by crypto ransomware, you can restore files from backups. But beware that some crypto ransomware encrypts backup drives. It's best to disconnect or switch off backup drives after each backup.
