From Windows Central: https://www.windowscentral.com/petya-ransomware-windows
There’s another massive ransomware attack sweeping across the world. Here’s what you need to know to stay safe.
Little more than a month has passed since the notorious WannaCry ransomware attack hit headlines across the world. Now, sadly, we’re in a period of another such attack, and this time it’s dubbed “Petya” or “GoldenEye.”
The basic problem is the same as the WannaCry outbreak: PCs are infected, locked up and files encrypted with a ransom demanded for access to the blocked files. It’s not exactly the same as WannaCry, nor is it currently as widespread, but it’s still important to know what you’re dealing with.
What is Petya?
Petya is a piece of ransomware that infects computers with the intent of monetary extortion in return for access to the contents of the PCs. It encrypts files, claiming only to let you back in upon receipt of a ransom.
Which platforms does it affect?
It’s a Windows-only affair, and Microsoft already released a patch in March that should protect users, assuming it’s installed.
How does Petya spread?
Petya tries to infect PCs using two methods, moving on to the second if the first fails. Once again, as with WannaCry, Petya utilizes the leaked EternalBlue exploit first developed by American security services.
If that fails because the system has been properly patched, for example, it moves on to the second method, which is to use two Windows administrative tools. Unlike WannaCry, Petya looks to spread within local networks without seeding itself externally, perhaps limiting its early global impact somewhat.
As reported by The Guardian, there is a secondary “vaccine” that may prevent infection on a specific PC, but it leaves Petya free to try and spread to others:
For this particular malware outbreak, another line of defence has been discovered: ‘Petya’ checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. But this “vaccine” doesn’t actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.
Read the full article HERE!