What is NotPetya?
The first signs of the attack appeared on June 27 in Ukraine, where the National Bank of Ukraine and Kiev International Airport were both hit hard. Even Chernobyl's radiation monitoring system has reportedly been affected. NotPetya, which targets Windows systems, did not stay there, however: Microsoft has confirmed that PCs in 64 additional countries have been infected.
The ransomware, so called because it demands a payment from users in return for recovering their files, appears to use some code from an earlier ransomware known as Petya. However, this latest version appears to have been combined with the allegedly stolen NSA exploit EternalBlue, the same exploit that drove the spread of WannaCry, and that is why security researchers are calling it "NotPetya."
According to well-known security firms around the world, NotPetya is especially nasty and dangerous because it not only encrypts the system's files but also modifies the master boot record.
Once a system is infected, a message is displayed demanding $300 worth of Bitcoin in return for a decryption key. However, because the email address listed for confirming that the ransom has been paid has been shut down by the email provider, there is almost no chance that a decryption key will be provided even if a victim pays.
Basically, those hit by NotPetya can kiss their information bye-bye.
Prevention is always better than cure
- It is always good to have Domain-based Message Authentication, Reporting & Conformance (DMARC), Sender Policy Framework (SPF), and DomainKeys Identified Mail (DKIM) set up for your domain; together they form a domain validation system designed to prevent spam.
- Don’t click on any links or attached documents from an unsolicited email or SMS message.
- Regularly apply security and software patches to your operating systems.
- Install up-to-date antivirus software on your computers and mobile devices, and avoid visiting disreputable websites, including illegal movie streaming sites and some adult websites.
- Take regular backups of your important data and make sure your backup devices are not left connected to your systems, or else they too can be corrupted.
- Restrict the execution of PowerShell/WScript in enterprise environments. Make sure you use the latest version of PowerShell (currently v5.0).
- Software Restriction Policies (SRP) need to be implemented strictly in order to block binaries from running from the %PROGRAMDATA%, %APPDATA%, and %TEMP% paths.
- Set up email filters on the network, as the Petya ransomware is spread mainly via email.
- Keep software and applications updated with the latest security patches.
- Ensure code and scripts are well optimized.
- Disable remote desktop connections
- Enable system and network firewalls to avoid any loopholes.
- Do not pay any money if your systems are compromised, as there is no guarantee of retrieval.
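
Before enforcing the Software Restriction Policies item above, it helps to see which launches the %PROGRAMDATA%, %APPDATA% and %TEMP% path rules would catch. The Python sketch below is an added example, not part of the original article. It assumes a hypothetical log layout (`host=… user=… image=…`), default Windows directory locations, and a shortened list of executable file types. The sample events are constructed.

```python
import ntpath
import re

# Path rules from the SRP item, as regexes over normalized paths. Directory
# layouts are Windows defaults (an assumption; adjust for redirected profiles).
RULES = [
    ("%PROGRAMDATA%", re.compile(r"^[a-z]:\\programdata\\")),
    ("%APPDATA%", re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\")),
    ("%TEMP%", re.compile(
        r"^[a-z]:\\(?:users\\[^\\]+\\appdata\\local|windows)\\temp\\")),
]
# File types treated as executable here (assumption, not the full SRP list).
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Hypothetical log layout: "<timestamp> host=<h> user=<u> image=<path>".
LINE_RE = re.compile(r"host=(\S+) user=(\S+) image=(.+)$")

# Constructed sample events, not taken from any real incident.
SAMPLE_EVENTS = r"""
2017-06-27T10:03:11Z host=WS01 user=alice image=C:\Users\alice\AppData\Local\Temp\invoice.exe
2017-06-27T10:04:02Z host=WS01 user=alice image=C:\Program Files\Vendor\app.exe
2017-06-27T10:05:40Z host=WS02 user=bob image=c:/programdata/updater/svc.DLL
2017-06-27T10:06:13Z host=WS02 user=bob image=C:\Users\bob\AppData\Roaming\..\Local\Temp\run.vbs
2017-06-27T10:07:55Z host=WS03 user=carol image=C:\ProgramData\notes\readme.txt
"""

def normalize(image):
    """Strip quotes, unify separators, resolve '..' and lower-case the path."""
    return ntpath.normpath(image.strip().strip('"')).lower()

def matching_rule(image):
    """Return the path rule an executable falls under, or None."""
    path = normalize(image)
    if ntpath.splitext(path)[1] not in EXEC_EXTS:
        return None
    return next((name for name, rx in RULES if rx.match(path)), None)

def audit(lines):
    """Return (host, normalized image, rule) for each launch a rule covers."""
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if m and (rule := matching_rule(m.group(3))):
            hits.append((m.group(1), normalize(m.group(3)), rule))
    return hits

if __name__ == "__main__":
    print(*audit(SAMPLE_EVENTS.splitlines()), sep="\n")
```

The fourth sample line shows why paths are normalized before matching: a plain prefix comparison would file it under %APPDATA%, while the resolved path is in the user's Temp directory.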