The Petya virus has been a trending topic for the past few weeks amongst cyber-crime agencies around the world. The Petya virus has been responsible for an extraordinary number of cyber-attacks spreading all over Europe, the Middle East and the U.S. at an alarming rate. The headcount of affected computers by June 28th was of approximately 230,000 in over 150 countries. In as little as 5 hours from its launch, it had already received almost $7,000.00 in digital currency. This virus has not only targeted ordinary PC users, it has also targeted large enterprises such as: Rosneft, Heritage Valley Health System, Merck, Mondelez, WPP, DLA Piper amongst many others.
Are you safe from this computer virus?
There are few known measures regarding the prevention of this computer virus, and one of them is the Avira antivirus. Avira has tested and proven effective as a last line of defense against the Petya virus.
Aside from using award-winning security software, such as Avira, computer experts suggest keeping all applications and programs up-to-date.
If you do not have anti-virus protection, don’t think twice about it, contact Geeks on Site.
What type of computer virus is Petya?
This malicious software is also known as a “Ransomware”. To those who are not familiar with this type of computer virus, a ransomware is malicious software that holds your computer for a ransom, blocks all access to it (or specifically to its data), and once that ransom has been paid the computer and all its files will be released.
How does the Petya virus function?
What the Petya virus does, is it encrypts the computer hard drive’s master file table; it also renders the master reboot record inoperable. This restricts any type of access to your system. It holds hostage computer information such as, file names, size and location on the physical disk. After the mentioned files are encrypted, the computer virus then proceeds to ask for a ransom in order to release files; in this case the most popular ransom is a type of crypto currency (Bitcoin) since it cannot be traced back to its owner or receiver. The victims of this virus are put in an extremely hard situation if they do not have a backup of their files. They either have to pay $300.00 or lose their files forever.
Where did this computer virus come from?
It is believed that it originated in Ukraine. The 1st known source was a tax accounting software firm called MeDoc. Microsoft and numerous security researchers mentioned that MeDocs security could have been breached and the virus spread via additional updates.
How does it spread?
The Petya virus is like a worm, or better explained, it can self-propagate. The way it spreads is by targeting lists of computers using 2 known methods:
- IP address and credential gathering:
Petya builds lists of available computers in network to infect through IP addresses. This usually includes addresses on the Local Area Network (LAN) with remote IPs that are not protected. LAN addresses are a preferred pathway, since they tend to be easier to infect.
After the list has been built with the initial targeted addresses, what this computer virus does, is it builds a secondary list with usernames and passwords available to use while further infecting these PCs.
- Lateral Movement:
As for the 2nd method of spreading this virus, Petya uses something called lateral movement. Lateral movement has 2 variations:
- Execution across network shares:This tricky software attempts to spread by copying itself using the stolen credentials from a computer.
- SMB exploits:The malware attempts to spread using variations of the EternalBlue and EternalRomance exploits.
Good news! Avira’s renowned testing laboratory has developed security strength that both detects and blocks these three variations of the Petya virus that are infecting computers both via LAN connections and the Internet.
For optimal protection, Geeks on Site recommends the Avira & Hitman Pro Combo which not only protects against the Petya virus, but they also run behavioral scans, provides additional threat protection via scan cloud, removes malware, and protects against exploit/susceptible applications. This security package also prevents the high risk of software crashes, slow startup processes and unwanted system errors. Keep your PC protected from the Petya computer virus and future viruses a like with the help of Geeks on Site. Questions? Give us a call right now, 800-672-0685, we’re here 24/7.