Petya: Safeguard Yourself From the Latest Global Ransomware Outbreak

Petya Ransomware

Another fast-moving ransomware attack is tearing across the globe, striking a number of high-profile businesses, transportation networks, public utilities and government agencies in Europe and the United States.

The attack was initially focused in Ukraine and Russia. The National Bank of Ukraine saw ATMs across the country go down, and systems monitoring radiation at the former Chernobyl nuclear power plant were also affected. Russia’s largest oil company, Rosneft, was also hit.

Within hours the ransomware had spread in a manner reminiscent of last month’s WannaCry attack, victimizing the Copenhagen-based A.P. Moller-Maersk, the world’s largest container shipping company, and WPP in London, the world’s largest advertising agency, as well as entities in France and Spain.

It eventually hopped the Atlantic and landed in the United States.  

New Strain or Variant?

This new strain of ransomware is still a bit of a mystery. Some think it’s a variant of Petya, some believe it might be a new version of WannaCry, and others say it’s related to GoldenEye.

“If you see this text, then your files are no longer accessible, because they have been encrypted,” read the message on affected machines, according to Reuters. “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

The ransomware demanded $300 worth of bitcoin in order to decrypt the files.

Second Global Attack in Weeks

The attack comes six weeks after WannaCry struck nearly a quarter million systems worldwide. Although largely contained after a few days, WannaCry has continued to resurface here and there. A Honda manufacturing facility in Japan was hit by it just a week ago.

This new blitz is just the latest evidence that we’re entering the era of ransomware, with widespread attacks becoming the new normal. It’s also a reminder that a strong data protection strategy is vital to keeping your data safe.

How to Protect Yourself from Ransomware

The first line of defense is keeping your software and systems updated. In the case of WannaCry, many of its victims would have been protected had they simply downloaded and installed a patch that Microsoft had issued two months earlier.

You should follow that with a quality anti-virus solution that can detect malware and quarantine it.  Unfortunately, it turns out that most ransomware is able to elude detection because:

  • Many strains are zero-day exploits that are unknown to signature-based anti-virus software.
  • Ransomware creators research anti-virus solutions to uncover weaknesses they can exploit to evade discovery.
  • Ransomware distributors often encrypt their software to help shield it from detection.

Ultimately the best protection against ransomware is a strong backup solution – like Acronis Backup 12.5 for businesses or Acronis True Image for home users. Regular backups of your data that are secured off-site make ransomware almost toothless. If you are hit by an attack, there’s little to worry about because you have safe, secure copies of any files that might have been encrypted. 

“Individuals or businesses that regularly back up their files on an external server or device can scrub their hard drive to remove the ransomware and restore their files from backup,” Peter Kadzik, assistant U.S. Attorney General, wrote in a letter to Congress in 2016. “If all individuals and businesses backed up their files, ransomware that relies on encrypting user files would not be as profitable a business for cyber criminal actors.”

Acronis Goes Beyond Backup

Best of all, Acronis goes far beyond backup. Our groundbreaking Acronis Active Protection™ is the only backup technology that actively fights back against ransomware.

Acronis Active Protection uses sophisticated analysis and artificial intelligence to monitor your system. If it spots any errant behavior or suspicious processes, it stops the activity and blacklists the program responsible for it, ensuring that it can’t restart on the next reboot.

If ransomware somehow does manage to sneak through and start encrypting files, Acronis Active Protection will quickly detect the encryption that’s going on and halt it – automatically restoring the files to the most recently backed up version. 

How effective is Acronis’ solution? In testing by an independent lab, Acronis Active Protection significantly outperformed 22 anti-virus solutions in recognizing and stopping ransomware.

 

Final Thought

Like WannaCry before it, this new strain of ransomware is sure to come and go. Those victimized by it will hopefully learn their lesson and bolster their data protection strategy with a strong backup solution like Acronis Backup 12.5 or Acronis True Image. If you’re not already backing up your data, you should do the same, as ransomware attacks are only going to become more commonplace – and more sophisticated – in the years ahead.