NEW DELHI: A new wave of ransomware has affected critical infrastructure and business systems worldwide. The attack, carried out with an updated version of Petya, has not yet been stopped.
Europol is actively monitoring the spread of the ransomware and is in close contact with law enforcement authorities in the affected countries, including India.
Europol’s executive director Rob Wainwright said, “This is another serious ransomware attack with global impact, although the number of victims is not yet known.”
Wainwright also said that while this attack had similarities with the WannaCry attack, there are clear indications of a more sophisticated attack capability.
How does Petya work?
Petya doesn’t just encrypt files; it also overwrites the Master Boot Record. This renders the machine unusable and prevents users from recovering any information on it. Unlike WannaCry, Petya does not include any type of “kill switch”.
What to do?
If you have been infected:
1. Do not pay. You will not only be financing criminals, but you are also unlikely to regain access to your files. The email account used to manage ransom demands, in this case, has been blocked. So the attackers’ only known channel for communication at the moment has been rendered useless.
2. Make sure that you keep a copy of the phishing email received from the attackers and provide it to the police, as it helps with their investigation.
3. Disconnect infected devices from the internet. If the infected device is part of a network, isolate it as soon as possible, to prevent the spread of the virus to other nodes in the network.
4. You can then format the hard drive, reinstall the operating system and apps, run any available updates and, finally, restore the locked files from your backup device.
If you have not been infected:
1. Keep all applications and the operating system up to date. If you are offered the option of automatic updates by your device, take it.
2. Keep your data backed up, and create two copies – one in the cloud, and one in physical storage. It is then easy to retrieve those files even if you are affected by ransomware. Use robust security products to protect your system from all threats, including ransomware.
3. Do not use high-privilege accounts (accounts with administrator rights) for daily business.
4. Even if trusted parties like banks send you suspicious or unexpected emails, do not click on the attachments or the links.