Large businesses, electricity suppliers and government agencies around the world are being affected by a strain of malware widely known as . Even a .
At first, it was believed that it was ransomware, because it essentially locks down an infected computer and a ransom note appears on-screen. The note demands $300, paid via bitcoin, in return for unlocking the infected computers. This attack closely mimics the attack that affected more than 230,000 computers in over 150 countries in May.
So, it's ransomware, right? Well, probably not. The payment system the hackers set up is pretty much useless. They used only one address for their bitcoin payment, which has already been shut down by the email provider. It's believed that the ransomware was just a cover for malware designed to do a lot of damage. Besides rendering a computer and its data useless, there is also a Trojan inside of Petya that steals victims' usernames and passwords.
It's not really 'Petya'
Petya is actually the name of an older version of the malware. When key differences emerged, researchers gave it various names to mark it as a new strain of Petya. GoldenEye seems to have stuck.
How to protect against it
There are two ways Petya/GoldenEye attacks a computer. "The exploit attacks vulnerable Windows Server Message Block (SMB) service, which is used to share files and printers across local networks," said David Sykes, business security expert at Sophos. "Microsoft addressed the issue in its MS17-010 bulletin in March, but the exploit proved instrumental in the spread of WannaCry last month. The new Petya variant can also spread by using a version of the Microsoft PsExec tool in combination with admin credentials from the target computer."
These problems have been patched, but some people have not downloaded the fix, so it keeps spreading. Your first line of defense is to be sure you have the latest version of Windows: If you have automatic updates turned on, you're safe. The update should already be installed on your computer.
If you don't have auto update on, you can download the security update here:
- Windows 8 x86
- Windows 8 x64
- Windows XP SP2 x64
- Windows XP SP3 x86
- Windows XP Embedded SP3 x86
- Windows Server 2003 SP2 x64
- Windows Server 2003 SP2 x86
Windows has a download page for all versions available here.
Next, make sure that your antivirus software is up to date. Most antivirus companies already have patches out that block Petya and this new version of it.
Lastly, take sensible everyday precautions. Sykes recommends backing up your computer regularly and keeping a recent backup copy off-site. And don't open attachments in emails unless you know who they're from and you're expecting them.