The so-called Petya ransomware is looking like it might be as big a problem as WannaCry. Here's what we know and how to protect your PC.
Ransomware is a form of malware that locks a user's files until they pay a fee. It began in Ukraine but has spread to more than 60 countries and has infected thousands of PCs running older versions of Windows.
Infected users will see a message warning them not to bother attempting to recover their files.
"Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don't waste your time."
What We Know About Petya
According to Microsoft, the ransomware first hit Ukraine, where it targeted MEDoc, a company that makes tax software. In a Facebook post, the company denied that it was the first victim but does say that its systems were compromised by the malware. Regardless of the malware's point of origin, it soon spread across Ukraine, wreaking havoc among businesses, banks, and government agencies alike.
From Ukraine, it spread to countries across Europe and beyond. It is currently active in 64 countries and runs on more than 12,500 PCs. Several large corporations such as Russian energy firm Rosneft and France's Saint-Gobain have been infected.
The malware was originally thought to be a variant of the Petya ransomware, but researchers at Kaspersky, who have studied Petya, says that while this Malware does share some similarities with Petya, it's actually a different form of malware.
One other thing we know about the ransomware is that it makes use of the EternalBlue exploit, which was released in April by the hacking group known as the Shadow Brokers. The EternalBlue exploit was used during the WannaCry attacks and was allegedly stolen from the NSA.
Protecting Your Computer From Petya And Other Malware
As of right now, we don't have a kill switch for this malware, but there are a few things that can be done to protect PCs.
Two of the best ways to ensure that computers are protected from malware are fairly simple. Users should ensure that they are running a quality anti-virus program and, perhaps most importantly, ensure they are using an updated version of Windows. For reasons we'll never fully understand, plenty of users insist on using old versions of Windows such as XP or Windows 7 despite the security vulnerabilities inherent in those operating systems.
Just as with the flu and other diseases, there are ways to "vaccinate" a PC from malware such as this. In the case of this particular software, users can trick the program into thinking it is already installed on their computer. Navigate to the Windows directory and create a file named perfc and set the permissions to read only. If the malware ends up installed on a computer, it will search for this file and then kill itself when it is found.