The NotPetya ransomware: exploiting systems worldwide

27/06/2017 22:37

In the second cyber attack in just two months, the ‘NotPetya’ ransomware attack has flooded through many organisations across the UK and the wider world.

On Tuesday June 27 the malware affected Microsoft systems across the globe, targeting banks, airports, metro transport systems, advertising companies and food companies including the UK-based Cadbury’s chocolate factory.

Around 2000 systems are thought to have been caught up in the attack, which locks down data and holds it to ransom until a fee is paid.

What happened?

The malware targeted systems without proper patching hygiene, tearing its way through Windows systems that hadn't been updated.

The malware attack hit systems, rendering files and data inaccessible until the user pays a ransom.

In this instance the cyber-criminals demanded $300 via Bitcoin. Although this is quite a standard cost to pay off a ransom, the attack received a low pay-out compared to other attacks. The Bitcoin wallet associated with the ransomware had just $10,000 on the morning following the attack, which is a very low number compared to other similar attacks.

Part of the reason the attack yielded such a low pay-out is down to the fast-acting email provider, Germany-based Posteo, who shut down the account. Whilst this means the attackers can no longer receive ransom payments, it also means victims can no longer have their files decrypted.

Petya vs WannaCry

No one has yet been found responsible for NotPetya. The attack bears a resemblance to the original Petya and to WannaCry, which was found in the wild last month. SonicWALL's own CEO, Bill Conner, mentioned how both attacks are of the same level of severity.

Both attacks prey on vulnerabilities in unpatched Windows systems. Looking into the methods of attack, if the businesses affected by NotPetya had patched their systems with the recommended fixes Microsoft issued after WannaCry, they could have avoided the attack.

The difference with Petya is that it is a much more fierce attack than last month's WannaCry. Whereas with WannaCry victims had a chance to stop the attack using a 'kill switch', Petya is much more difficult to control, allowing it to spread further, faster and cause more damage.

Whilst nothing can be done to affected systems, Just Firewalls has found a vaccine to the attack to stop further machines becoming a target. As well as this, it is essential any businesses running on Windows systems install all patches and fixes immediately.

How to prevent the attack

Reports are currently circulating that claim to have a vaccine for the attack. Whilst this is only recommended to be done by a professional IT and security expert, the

A security researcher has found a loophole that can be used to protect individual computers from ‘NotPetya’.

 

The steps involve creating a single file which is claimed to stop the ransomware in its tracks by preventing it from encrypting the computer's files and locking out the user.

1. Enable Windows extensions: open My Computer, Tools, Folder Options, View, and uncheck ‘hide extensions for known file types’.

2. Open the C:\Windows folder, left-click the ‘notepad.exe’ programme, then press CTRL+C and CTRL+V to copy and paste it.

3. Continue through the permissions prompt and rename the file ‘notepad – Copy.exe’ to ‘perfc’.

4. Right-click ‘perfc’, select Properties and check ‘read only’.

As previously mentioned, this process only works on individual computers and is not a cure for the whole system. 
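Steps 2 to 4 above as a PowerShell script, added here as an example and not part of the original post: it copies notepad.exe to perfc in the Windows folder, marks it read-only, and reports the result, so it can be re-run safely on each individual computer. The function name Set-PerfcMarker and its parameters are hypothetical names chosen for this example, and it assumes the script is saved to a file and run from an elevated session.

```powershell
# Added example (not from the original post). Run as a script file from an
# elevated PowerShell session; writing to C:\Windows requires administrator rights.
#Requires -RunAsAdministrator

function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$WindowsDir = $env:windir,  # C:\Windows on a default install
        [string]$MarkerName = 'perfc'       # file name given in step 3
    )

    $source = Join-Path $WindowsDir 'notepad.exe'
    $marker = Join-Path $WindowsDir $MarkerName

    if (-not (Test-Path -LiteralPath $source -PathType Leaf)) {
        throw "Source file not found: $source"
    }
    if (Test-Path -LiteralPath $marker -PathType Container) {
        throw "$marker exists but is a folder, not a file"
    }

    # Steps 2 and 3: copy notepad.exe and give the copy the name 'perfc'.
    # Skipped when the file is already there, so repeat runs change nothing.
    if (-not (Test-Path -LiteralPath $marker)) {
        if ($PSCmdlet.ShouldProcess($marker, 'Create marker file')) {
            Copy-Item -LiteralPath $source -Destination $marker
        }
    }

    # Step 4: tick the 'read only' attribute.
    $item = Get-Item -LiteralPath $marker -Force -ErrorAction SilentlyContinue
    if ($item -and -not $item.IsReadOnly) {
        if ($PSCmdlet.ShouldProcess($marker, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
    }

    # Report what is on disk so the outcome can be checked per machine.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $marker
        Exists   = [bool]$item
        ReadOnly = [bool]($item -and $item.IsReadOnly)
    }
}

Set-PerfcMarker
```

Running it with `Set-PerfcMarker -WhatIf` shows what would be created without changing anything.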

Posted in News By Just Firewalls