The ‘Petya’ ransomware is still attacking; the virus has already caused serious disruption at many companies throughout the world. Its targets are rich firms, financial institutions and insurance companies.
In Russia, the steel and oil firms Evraz and Rosneft became victims of the Petya ransomware. In Europe, the shipping and transport firm AP Moller-Maersk from Denmark caught the virus, as did Heritage Valley Health System from Pittsburgh. All of them received a ransom note that includes the same Bitcoin payment address.
Security experts say that most ransomware creates a custom address for every victim, and that the payment mechanism of this attack seems too amateurish to have been carried out by serious criminals. First of all, the ransom message gives every victim the same payment address instead of a custom one.
Secondly, Petya asks victims to communicate with the attackers via a single email address, which the email provider suspended after discovering what it was being used for. This means that even if someone pays the ransom, they have no way to contact the attacker to request the decryption key to unlock their files.
Petya ransomware: how to defend during the forced reboot
The ransomware infects a computer and then waits for about an hour before rebooting the machine. While the machine is rebooting, you can switch it off to prevent the files from being encrypted and then try to rescue the files from the machine, as flagged by @HackerFantastic on Twitter.
If the system reboots with the ransom note, don’t pay the ransom: the “customer service” email address has been shut down, so there’s no way to get the decryption key to unlock your files anyway. Disconnect your PC from the internet, reformat the hard drive and restore your files from a backup. The common recommendation is still the same for every user under any circumstances: back up your files on a regular basis. It is also important to keep your anti-virus software up to date.
‘Praemonitus, praemunitus’: this old Latin proverb is as relevant as ever. Forewarned is forearmed.