The world was hit again with another global ransomware attack. This attack is called NotPetya- a newer, deadlier version of the Petya ransomware that originated in 2016. The information around this attack is still becoming available at this time, but here’s 10 facts we already know about NotPetya:
- The virus is also being referred to as GoldenEye
- Like the recent WannaCry attack, NotPetya uses an NSA exploit leaked earlier this year.
- It seems to be spreading via some of the same Windows code loopholes exploited by Wannacry, supposedly called EternalBlue
- Unlike WannaCry, which had a backend kill switch and several bugs, there is no known kill switch at this time
- To spread within companies that installed the patch to protect themselves against WannaCry, the Petya ransomware appears to have two other ways of spreading rapidly within an organization, by targeting the network’s administrator tools
- The highest rate of infection appears to be in Ukraine (where it originated) and Russia. However, it has popped up in several European countries and the USA
- Over 2,000 organizations have been infected across the globe
- Major US pharmaceutical firm Merck and law firm DLA Piper have been confirmed as being hit by this ransomware attack
- You can tell NotPetya from other forms of ransomware from the stripped-down notice on the screen; it’s a plain black background with red text
- Infected computers display a message demanding a Bitcoin ransom. Those who pay are asked to send confirmation of payment to an email address but that email address has been shut down by the email provider. This means now those infected have no way of contacting the attacker and unlocking their files.
To stay ahead of NotPetya or any ransomware attack, the best method of defense is user education. The number one rule? Be sure to avoid suspicious emails. Things to look out for include:
- Emails from unknown sources (most email services will filter such spam into your junk folder, but in case anything gets into your main inbox, practice some caution)
- Suspicious attachments
- Links to unusual addresses
- Non-official wording or poor grammar in email body claiming to be from an official company or bank
- Missing email subject headers
- Emails from the IRS saying you owe money. The IRS will call you they will not send emails demanding payment
- Emails from banks stating that the IRS has taken money from your account
Whether you're on your work network or at home, being educated about the risks and knowing what to look for will help prevent disaster from striking. Check out more information from MyITpros on staying secure- or go ahead and contact us to learn about how MyITpros can help protect your company!