“The ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the Eternal Blue vulnerability in Microsoft Windows or through two Windows administrative tools. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry” “Most major antivirus companies now claim that their software has updated to actively detect and protect against “Petya” infections: Symantec products using definitions version 20170627.009 should, for instance, and Kaspersky also says its security software is now capable of spotting the malware. Additionally, keeping Windows up to date – defending against the EternalBlue vulnerability – stops one major avenue of infection, and will also protect against future attacks with different payloads.
“”For this particular malware outbreak, another line of defence has been discovered: “Petya” checks for a read-only file, C:Windowsperfc.dat, and if it finds it, it won’t run the encryption side of the software. But this doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
“”Strictly speaking, it is not. The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya, but in the hours after the outbreak started, “the superficial resemblance is only skin deep”. Researchers at Russia’s Kaspersky Lab redubbed the malware NotPetya, and increasingly tongue-in-cheek variants of that name – Petna, Pneytna, and so on – began to spread as a result.
On top of that, other researchers who independently spotted the malware gave it other names: Romanian’s Bitdefender called it Goldeneye, for instance.””The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. A second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.””The “Petya” ransomware has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The food company Mondelez, legal firm DLA Piper, Danish shipping and transport firm AP Moller-Maersk and , which runs hospitals and care facilities in Pittsburgh.
“”Crucially, unlike WannaCry, this version of ‘Petya’ tries to spread internally within networks, but not seed itself externally. That may have limited the ultimate spread of the malware, which seems to have seen a decrease in the rate of new infections overnight.”