Little more than a month has passed since the notorious WannaCry ransomware attack hit headlines across the world. Now, sadly, another such attack is under way, this time dubbed "Petya" or "GoldenEye."
The basic problem is the same as the WannaCry outbreak: PCs are infected, locked up and files encrypted with a ransom demanded for access to the blocked files. It's not exactly the same as WannaCry, nor is it currently as widespread, but it's still important to know what you're dealing with.
What you need to know about the Petya Ransomware
What is Petya?
Petya is a piece of ransomware that infects computers with the intent of monetary extortion in return for access to the contents of the PCs. It encrypts files, claiming only to let you back in upon receipt of a ransom.
Which platforms does it affect?
It's a Windows-only affair, and Microsoft already released a patch in March that should protect users, assuming it's installed.
The necessary fixes were shipped in Microsoft's March 2017 MS17-010 security update.
How does Petya spread?
Petya tries to infect PCs using two methods, moving on to the second if the first fails. Once again, as with WannaCry, Petya utilizes the leaked EternalBlue exploit first developed by American security services.
If that fails, for example because the system has been properly patched, it moves on to the second method, which is to abuse two Windows administrative tools. Unlike WannaCry, Petya looks to spread within local networks without seeding itself externally, perhaps limiting its early global impact somewhat.
As reported by The Guardian, there is a secondary "vaccine" that may prevent infection on a specific PC, but it leaves Petya free to try and spread to others:
For this particular malware outbreak, another line of defence has been discovered: 'Petya' checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won't run the encryption side of the software. But this "vaccine" doesn't actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
What regions are affected by Petya?
The outbreak is reported to have surfaced in Eastern Europe, with Ukraine in particular being hit hard. Organizations in France, the UK, Russia, Denmark and the U.S. are also confirmed as being affected.
How much is Petya's ransom?
Right now, $300 in Bitcoin.
If I get hit, should I pay the ransom?
No way! Remember that these are criminals, and chances are you'll be both out of pocket and without your files if you pay. These people don't want to be found, so they're unlikely to do anything that would give authorities any kind of edge in tracking them down.
In this case, there's also the issue of how the ransom is being collected. Instead of a unique wallet per user as with WannaCry, Petya is stuffing it all into one. And that has presented its own problems. Users have to send an email to get their decryption codes, and as reported by The Verge, that email address has been shut down:
But in the wake of today's globe-spanning infections, Posteo announced today that all account access to the "wowsmith" address has been blocked, making it impossible for the group to read or respond to any messages sent to the address.
Chances are you won't get the key you need even if the miscreants behind the attack ever planned on sending it out.
Am I at risk of Petya infection?
Sadly, we're always at some kind of risk on the internet. As detailed above, Microsoft already released a patch to mitigate at least the EternalBlue exploit, so the first port of call is to make sure that patch is installed.
If you don't have your updates turned on, that's a good place to start. Some people may not like "forced updates" but in most cases you shouldn't ignore them.
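The two defensive steps the article describes, the read-only C:\Windows\perfc.dat "vaccine" file from the Guardian quote and checking that the MS17-010 patch is installed, as an added PowerShell example that is not part of the original article. The file name follows the article; the list of KB numbers is an assumption made for illustration, since the article only names the MS17-010 bulletin, and the function names are my own.

```powershell
# Added example, not from the article. Run in an elevated PowerShell session.

# Part 1: the "vaccine" file. The article quotes that the malware looks for a
# read-only C:\Windows\perfc.dat and skips encryption if it exists. It still
# tries to spread across the network, so this is a stopgap, not a fix.
$VaccinePath = 'C:\Windows\perfc.dat'   # file name as quoted in the article

function Set-PetyaVaccineFile {
    param([string]$Path = $VaccinePath)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Contents are irrelevant; only the file's presence matters.
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }
    $item = Get-Item -LiteralPath $Path
    $item.IsReadOnly = $true            # mark read-only as the quote describes
    [pscustomobject]@{
        Path     = $Path
        ReadOnly = (Get-Item -LiteralPath $Path).IsReadOnly
    }
}

# Part 2: is an MS17-010 fix present? The bulletin shipped under a different KB
# number per Windows version. This list is an ASSUMPTION for illustration; check
# it against the bulletin for your OS. Get-HotFix also does not list every
# cumulative update on Windows 10, so "not found" means "verify further", not
# "definitely unpatched".
$Ms17010Kbs = @('KB4012212','KB4012215','KB4012213','KB4012216',
                'KB4012214','KB4012217','KB4012606','KB4013198','KB4013429')

function Test-Ms17010Installed {
    param([string[]]$KnownKbs = $Ms17010Kbs)
    $found = Get-HotFix | Where-Object { $KnownKbs -contains $_.HotFixID }
    [pscustomobject]@{
        Patched   = [bool]$found
        MatchedKb = ($found | ForEach-Object { $_.HotFixID }) -join ','
    }
}

Set-PetyaVaccineFile
Test-Ms17010Installed
```

Neither step replaces installing the update: the vaccine file only stops encryption on that one machine, and the KB check is only as good as the list it is given.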
How do you get the files back?
Right now there's not a lot suggesting compromised files will ever be accessible again. If you don't have a backup, you might have lost your stuff. It's good practice to always back up your important files.
Is there anything I can do if I am affected?
It appears that there is. This tweet by Hacker Fantastic explains what is actually happening during the encryption process and how you can throw a spanner in the works.
If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. pic.twitter.com/IqwzWdlrX6
— Hacker Fantastic (@hackerfantastic), June 27, 2017
You still can't use your PC but the data you have stored on it will apparently be OK.
That's a quick overview of where things stand right now, but it's an ever-changing situation. We'll do our best to keep on top of the latest details. And if you have anything helpful to share, be sure to leave it in the comments below.