The latest round of Cryptovirus hit yesterday. Petya, named after a similar virus, which shares very little with the original, hit with the same destructive force as the WannaCry virus last month, this time without a ‘kill switch’.
Originating in Ukraine via a company called M.E.Doc, a tax company, the cryptovirus was spread by using the auto-update feature within the tax software. I’m sure there will be more investigation on how this came to be (hacked, or inside job?).
At first, many believed this was another cryptovirus made for financial gain. However, it became quickly apparent that this virus was designed to cause as much destruction in a short amount of time as possible.
Within the first few hours, the crypto’s email address which is used to send your encryption key to unlock your files was disabled. If you look at the blockchain (effectively your BitCoin wallet) which the hackers have used, there have only been a little over 40 payments. At $300USD, that’s not a lot of money considering.
Analyzing the Petya virus further, it propagates throughout Windows networks using three different methods. First is the original method WannaCry used which was based on the leaked NSA tool, EternalBlue. The other two are more technical ways of using the Windows operating system to exploit security weaknesses where end users have ‘administrator’ privileges.
Based on the methods used, and few payments made to the cryptovirus Bitcoin wallet, coupled with the early takedown of the payment email address, I can conclude this was simply an attack to cause as much damage as possible.
We have had no reports of infection from our monitoring systems. All our customer’s devices and our own infrastructure were checked when the WannaCry virus was active. We doubled checked again today and found no issues.
This cryptovirus was well written and destructive, so what can you do to ensure to keep safe?
- Make sure your antivirus is up to date
- Don’t turn off Windows Updates (you’d be surprised)
- Don’t turn off Windows UAC
- Be vigilant when opening emails with attachment and links
If you would like a more technical explanation, Microsoft has published a great post.