If the WannaCry attacks were a signal of things to come, then the NotPetya ransomware, which hit machines globally on Tuesday, is the sequel that most cyber experts were anticipating. According to experts, NotPetya cleverly uses the legitimate Windows tools PsExec and Windows Management Instrumentation Command-line (WMIC), an interface that simplifies the use of Windows Management Instrumentation (WMI).
But simply put, it is no different from WannaCry, and the end motive for the hackers is to earn ransom money (in bitcoin). So, what else do we know about NotPetya? Who has been hit by the ransomware attack, and how can they minimise the damage? Here’s all you need to know.
How Bad is NotPetya?
NotPetya is known to use both the NSA's exploit tool EternalBlue and PsExec as infection vectors, and is detected as RANSOM_PETYA.SMA.
As noted by cyber security experts, NotPetya reboots the PC, presents a fake ‘check disk’ screen, and then shows the ransom message. The reboot and subsequent messages are typical of the previously observed Petya ransomware. (Yes, it’s easy to confuse the two ransomware programs.)
It has affected countries like Ukraine and Spain, and is gradually spreading to countries like India too, where brands like Mondelez, Genesis and one of the country’s largest ports, JNPT, have reportedly been hit.
How Did it Start?
According to Kaspersky, the attack is said to have started when software called MeDoc was updated by government organisations in Ukraine. This is why Ukraine has been hit the worst, with over 60 percent of PCs affected, followed by Russia with 30 percent of Windows PCs affected.
How Can You Prevent the Attack?
If you’re one of the lucky ones who’ve managed to stay clear of the NotPetya attacks, and want to make sure that remains the case, then here’s what you should be doing to safeguard your confidential data.
How to Stop Ransomware Attacks?
Most of us have been blaming software giants like Microsoft, holding them culpable for such attacks, but that isn’t the real cause.
According to cyber security experts, Microsoft continues to roll out security patches for operating systems (OS) that weren’t even supposed to be running on PCs anymore.
However, as things stand, Windows XP and Windows 7 are still the preferred OS for enterprises. What doesn’t help in the case of such attacks is that, even though companies are getting security patches from the OS provider, they fail to apply them to their systems, leaving them vulnerable to attacks like WannaCry and NotPetya.
If companies fail to update their systems, then the threat of ransomware attacks is only going to increase.