8 Tips to protect yourself from Petya Ransomware
The latest attack the internet has seen is the Petya ransomware. A new variant has even been released that uses the EternalBlue exploit code to target Windows machines. Unlike WannaCry, Petya is ransomware with a difference. Delivery methods include phishing, scams or emails, and the payload requires local administrator access.
The Petya Effect
Once the program has been executed, the system's master boot record (MBR) is overwritten by a custom boot loader. This loads a malicious kernel containing code that starts the encryption process. Once the master boot record is changed, the malware crashes the system. When the computer reboots, the malware shows a fake check disk process. The malware encrypts the Master File Table (MFT) on disk partitions in the Windows OS. So when your machine tries to reboot, the problem begins. How do you make sure you are not held to ransom by this virus? Read on to learn how to get the better of Petya.
1. Restrict Local Admin Rights
The malware requires administrator rights on the local computer. Standard users should not have this permission, and the organisation needs to limit the number of people with local admin rights. Home users should use standard user accounts for everyday operations.
2. Disable Automatic Rebooting Following a Crash
Some systems are configured to reboot automatically once they crash. This feature can be disabled in Windows. If the MFT is prevented from being encrypted, the data can be recovered from the local disk.
3. Opt for a Security Patch
Download the latest Microsoft patches, including MS17-010, which patches the SMB vulnerability. SMBv1 can also be disabled to prevent the spread of this ransomware.
4. Remain Vigilant
Users should also remain vigilant, especially when opening attachments or clicking on links from unknown senders. The latest updates for the anti-virus software need to be installed too. Vendors are releasing updates for this purpose.
5. Have a Backup
Backing up copies of files on the local disk is a must. User files on local drives are replicated from a network share, so prevent users from writing data outside the set areas on the local hard disk. This can prevent data loss if an attack takes place. Employees should use a less privileged access model.
6. Go In for Automatic Updates
Update your antivirus software to the latest version. Check that the signatures are up to date. Ensure automatic updates are turned on and the latest security patches are applied.
7. Harness the Power of the Cloud
Use a cloud backup or online storage provider such as Google Drive, Microsoft OneDrive or Dropbox, so that files are updated in the cloud as they change. A stumbling block for Petya is that the ransomware does not encrypt the files themselves; it encrypts the Master File Table, an index of where all files are stored on the hard disk drive. Without the index, it is hard to make out where files are on the disk.
8. Protect Yourself on Public Wi-Fi
When using public Wi-Fi, you need to protect yourself. Make sure you change the security settings on your computer when on a public network, and ensure you are not visible on the network. Another option is to use a VPN (virtual private network) to hide the computer from others using the public network.
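The settings behind tips 1 to 3 (local admin rights, automatic reboot after a crash, SMBv1) can be checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article; the `-Remediate` switch and the function name `Get-PetyaHardeningState` are made up for this example, and it assumes PowerShell 5.1 on Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original article): audit the settings behind
# tips 1-3 and optionally apply the two that are simple configuration changes.
# Assumes an elevated prompt, PowerShell 5.1+, Windows 8 / Server 2012 or later.
param(
    [switch]$Remediate   # hypothetical switch name chosen for this example
)

$crashKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Get-PetyaHardeningState {
    # Tip 1: who holds local administrator rights. The well-known SID is used
    # because the group's display name is localized.
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object -ExpandProperty Name

    # Tip 2: AutoReboot = 1 means Windows restarts by itself after a crash.
    $crash = Get-ItemProperty -Path $crashKey -Name AutoReboot -ErrorAction SilentlyContinue

    # Tip 3: whether the SMB server still accepts SMBv1.
    $smb = Get-SmbServerConfiguration

    [pscustomobject]@{
        LocalAdministrators = $admins -join '; '
        AutoRebootOnCrash   = [bool]$crash.AutoReboot
        SMBv1ServerEnabled  = [bool]$smb.EnableSMB1Protocol
    }
}

$before = Get-PetyaHardeningState
$before | Format-List

if ($Remediate) {
    if ($before.AutoRebootOnCrash) {
        Set-ItemProperty -Path $crashKey -Name AutoReboot -Value 0 -Type DWord
    }
    if ($before.SMBv1ServerEnabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Local admin membership is only reported: removing accounts is a decision
    # for the administrator, not something to automate blindly.
    Get-PetyaHardeningState | Format-List
}
```

The script does not check whether MS17-010 is installed, because the update's KB number differs per Windows version; confirm that through Windows Update or your patch management tool.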