It was only a month ago that I wrote in this space about the world’s lucky sidestep of the intended havoc mounted by the WannaCry ransomware attack. As our clients and regular readers of this site know, Red Level takes the ransomware menace very seriously: The damage and the expense such exploits cause is real and considerable, the potential negative impact they pose is increasing, and the exact nature of the threat is constantly changing.
For IT professionals, WannaCry, Cryptolocker and their fellow travelers are a continual source of aggravation, unease, and extra work. We know we can’t afford to be complacent, even for a moment. That’s why we were unhappy, but unsurprised, to learn of the new problems caused by Petya, a ransomware variant currently wreaking havoc in Europe, Australia, and in at least one US hospital.
Like WannaCry and Cryptolocker before it, Petya functions by unbreakably encrypting the contents of an infected hard drive, then demanding a ransom – in this case, $300 payable in Bitcoin – to recover the data. Having initially launched in a Ukrainian accounting application, Petya has since sent its evil tentacles outwards to cripple the global shipping company Maersk, production facilities of the Australian chocolatier Cadbury’s, and a host of European government offices, web hosts and small businesses.
In a particularly terrifying twist, Petya gained its foothold by leveraging a common security practice intended to thwart just the sort of threat Petya poses. According to Microsoft, Petya initially gained entry to victims’ machines via a software application’s auto-update feature before proceeding to infect other machines on the network. That’s not the sort of development that any security expert is likely to welcome: A threat immediately becomes more significant when the very tools you use to ward it off are used against you.
Fortunately, there are things that you can do to keep Petya and other ransomware at bay. Red Level provides specialized security software designed expressly to identify and isolate ransomware as well as other viruses and malware. But according to the BBC, users without immediate access to state-of-the-art security applications can also take protective measures.
According to today’s article, “By creating a read-only file, naming it ‘perfc’, and placing it in a computer’s ‘C:\Windows’ folder, the attack will be stopped in its tracks.” The immediate effect is that the specific folder containing the new file will be “immunized” from being encrypted by Petya, and there will be no demand for ransom. However, even “immunized” machines remain capable of passing Petya on to other machines within their network.
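The BBC’s mitigation above, as an added PowerShell example that is not part of this post or the BBC article: it assumes an elevated session and uses only the file name and folder the article gives (`$env:SystemRoot` resolves to C:\Windows on a standard install).

```powershell
# Added example (not from the Red Level post or the BBC article): create the
# read-only "perfc" file in C:\Windows as described above. Assumes an elevated
# PowerShell session, because writing into the Windows folder requires it.
#Requires -RunAsAdministrator

$vaccinePath = Join-Path -Path $env:SystemRoot -ChildPath 'perfc'

# Create the empty file only if it is not already there (safe to re-run).
if (-not (Test-Path -LiteralPath $vaccinePath)) {
    New-Item -Path $vaccinePath -ItemType File -Force | Out-Null
}

# Mark the file read-only, as the article specifies.
$file = Get-Item -LiteralPath $vaccinePath
$file.Attributes = $file.Attributes -bor [System.IO.FileAttributes]::ReadOnly

# Verify the result: the file must exist and carry the ReadOnly attribute.
$file = Get-Item -LiteralPath $vaccinePath
if ($file.Attributes -band [System.IO.FileAttributes]::ReadOnly) {
    Write-Output "Vaccine file present and read-only: $vaccinePath"
} else {
    Write-Warning "Could not set the read-only attribute on $vaccinePath"
}
```

As the post notes, this only protects the machine it runs on; it does nothing to stop that machine from passing the infection on, so patching and network-level controls are still required.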
Petya is only the latest in what is proving to be a steady stream of ransomware threats. There’s no good reason to believe that this tide will stop any time soon, and it’s virtually certain that the next attack will prove to be even more sophisticated, more difficult to detect, more destructive, and more expensive. It’s our job to remain vigilant on our clients’ behalf, doing everything we can to safeguard them from malicious attacks; nonetheless, we urge our clients and anyone else to be alert, knowledgeable, and sensible when it comes to malware. The threat it poses isn’t going to go away, and all signs indicate that it will take a collective effort to keep it at bay.