1. Businesses need to know why ransomware keeps on happening
One month after the WannaCry ransomware ravaged hundreds of thousands of computers around the world, a new
variant of the Petya ransomware appears to be spreading even faster since Tuesday afternoon (27 June 2017). This new
malicious software has infected more than 2,000 businesses worldwide in less than 24 hours and the list of victims
continues to grow at an alarming rate.
STRATEGIC ENTERPRISES ARE THE MAIN TARGET
If WannaCry picked its victims blindly, Petya shows a clear preference for public administrations and critical
infrastructure.
The first signs of a serious infection appeared in Ukraine, where it forced the Chernobyl nuclear site to switch its
radiation monitoring to manual. Over one hundred strategic organisations were also paralysed: the country's main
energy providers, airports and administrations, banking services and even its ATMs.
A few hours later, the Russian Central Bank and one of the largest oil producers in the world, the Rosneft group,
joined the list of victims. In Europe and in the US, numerous multinationals had to deal with Petya, such as the
pharmaceutical giant Merck, the advertising group WPP, the Danish shipping giant Maersk and one of the world's
largest law firms, DLA Piper.
ANOTHER RANSOMWARE OR JUST HISTORY REPEATING
Known under various names (Petrwrap, GoldenEye, Nyetya), the Petya family was first seen in March 2016.
What is spreading today is a new variant of that original malware. Some experts have gone as far as declaring it an
entirely new piece of malware, hence the nickname NotPetya.
Petya or NotPetya, there is nothing new about the way it behaves once it lands on a machine. It encrypts files of
chosen types (.doc, .ppt, .xls, .pdf, .rar, .zip and others), overwrites the master boot record and schedules a reboot
within the next few minutes. After the reboot, a fake disk-check screen is displayed while the malware encrypts the
file system's master file table, which leaves the whole disk unreadable. At the end, the dreaded ransom note
appears: 300 dollars in bitcoin in exchange for the decryption key, or nothing.
It’s only by taking a closer look at the way Petya infiltrates systems that we realize where the success of this
ransomware actually comes from.
Originally, the malware was pushed out through a compromised update of a Ukrainian accounting package
(M.E.Doc), which explains why the country took the hardest blow. In parallel, according to a CERT alert,
Petya spread in various other countries via phishing campaigns (malicious emails carrying malicious
attachments). What then makes the outbreak so fast is that, once inside a network, it spreads on its own: it uses
the EternalBlue and EternalRomance SMBv1 exploits fixed by MS17-010 and, where those fail, reuses administrator
credentials harvested from memory over PsExec and WMI, so a single unpatched or over-privileged machine can
compromise an entire domain.
2. WHAT IS LEFT TO BE DONE
The news makes you wonder if people learned anything at all from the WannaCry incident.
For the sake of those unfortunate enough to have been infected, here is what you need to do right away: unplug the
machine from the network to prevent any further damage to other connected devices. When the ransom note
appears, do not, we repeat, do not pay it. There is no guarantee that the cybercriminals behind it will keep their
word (in this case the contact e-mail address given in the note was shut down by its provider within hours, so a
payment cannot even reach them), and on top of that you would be financing their activity further. In spite of
this being the expert consensus, over 6,000 dollars had already been deposited yesterday in the Petya bitcoin
account.
If you are among the lucky ones and have not yet been infected, we advise you to apply the MS17-010 Microsoft
Windows update right away. You should also limit your exposure to the SMB service (disable SMBv1 and block TCP
port 445 at the network edge and between workstations), or check out our solutions designed to prevent this type
of cyber-attack. Note that the patch alone is not enough: the worm also moves laterally with stolen administrator
credentials, so restrict local administrator rights and never log on to workstations with domain administrator
accounts.
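The following script is an added example, not code from the original article or from any vendor solution it refers to. It audits a single Windows host for the two conditions the advice above targets (MS17-010 missing, SMBv1 enabled) and then closes the SMB exposure. It assumes Windows 8.1 / Server 2012 R2 or later (so the SmbShare, DISM and NetSecurity cmdlets exist) and an elevated session; the KB list is taken from the MS17-010 bulletin and is an assumption about which updates your fleet received, so adjust it for your builds.

```powershell
# Added example, not from the original article: audit a Windows host for the
# SMBv1 exposure WannaCry and NotPetya abused, then close it.
# Assumptions: Windows 8.1 / Server 2012 R2 or later, run from an elevated
# PowerShell session (Get-SmbServerConfiguration, DISM and NetSecurity cmdlets).

# KB numbers from the MS17-010 bulletin (March 2017), security-only and monthly
# rollup per OS. Later cumulative updates supersede these on Windows 10, so a
# miss there is a prompt to check the OS build, not proof of exposure.
$Ms17010Kbs = @(
    'KB4012598',                           # Vista, Server 2008 (later also XP/2003)
    'KB4012212', 'KB4012215',              # Windows 7, Server 2008 R2
    'KB4012214', 'KB4012217',              # Server 2012
    'KB4012213', 'KB4012216',              # Windows 8.1, Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507, 1511, 1607
)

function Test-Ms17010Installed {
    # Get-HotFix lists installed updates; any one matching KB is enough.
    $hit = Get-HotFix -ErrorAction SilentlyContinue |
           Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    return [bool]$hit
}

function Get-Smb1State {
    # SMBv1 can be on at two layers: the server's protocol switch and the
    # optional OS feature that ships the driver. Report both.
    $server  = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServerSwitchEnabled = $server
        FeatureState        = if ($feature) { [string]$feature.State } else { 'NotPresent' }
    }
}

function Disable-Smb1 {
    # Turn the protocol off immediately, then remove the feature (effective
    # after the next reboot). Legacy devices that only speak SMBv1 will stop
    # working; inventory them before rolling this out fleet-wide.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

function Block-InboundSmb {
    # Block inbound TCP/139 and TCP/445 on the Private and Public profiles, where
    # a workstation has no reason to serve SMB. Windows Firewall evaluates block
    # rules before allow rules, so on file servers scope this with -RemoteAddress
    # to the ranges that need access instead of blocking outright.
    New-NetFirewallRule -DisplayName 'Block inbound SMB on non-domain networks' `
        -Direction Inbound -Protocol TCP -LocalPort 139,445 `
        -Profile Private,Public -Action Block | Out-Null
}

# Audit first, then remediate only what is actually exposed.
if (-not (Test-Ms17010Installed)) {
    Write-Warning 'No MS17-010 KB found; install it (or a later cumulative update) before anything else.'
}
$smb1 = Get-Smb1State
if ($smb1.ServerSwitchEnabled -or $smb1.FeatureState -eq 'Enabled') {
    Write-Warning "SMBv1 enabled (server switch: $($smb1.ServerSwitchEnabled), feature: $($smb1.FeatureState)); disabling."
    Disable-Smb1
}
Block-InboundSmb
Write-Output 'SMB hardening applied; reboot to finish removing the SMB1Protocol feature.'
```

Run it on one representative machine per OS build before pushing it through Group Policy or your configuration management. It closes the exploit path only: the credential-reuse path over PsExec and WMI mentioned above is unaffected by any of this and has to be handled by limiting administrator rights.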
If you have already done your homework (before or after the WannaCry affair, that is behind us now), you might
still want to avoid opening any suspicious attachment received by email for a while.
WHY DOES THIS KEEP ON HAPPENING?
Today's conclusions on the current state of cybersecurity are quite grim. That being said, no single party is
responsible in this story.
Guilty party no. 1: cybercriminals.
If WannaCry and Petya were possible, it is because a hacking group, the Shadow Brokers, publicly released in
April 2017 working exploits (EternalBlue and EternalRomance) for a serious Windows SMBv1 vulnerability, and
other criminals weaponised them within weeks.
Guilty party no. 2: the NSA.
With great hacking weapons, comes great responsibility.
Guilty party no. 3: companies.
If you are tempted to quickly blame Microsoft for its faulty system, don't. The company had already released a
patch (MS17-010, March 2017) two months before WannaCry; the problem was that many organisations had not
applied it, or were still running versions of Windows that no longer receive updates.
Many users still feel that cybersecurity is an issue that does not directly concern them. That is why our
experts continuously monitor state-of-the-art developments in cybersecurity and act as ambassadors for user
awareness. For more tips on how to build an effective cyber-routine and stay off the guilty side, see our previous
article: 'Targeting the Human behind the Machine'.