Petya May be the Worst Ransomware Ever

Ransomware has been wreaking havoc for years, locking up data and decrypting and releasing it only when money is paid, usually through Bitcoin.

Like any successful malware, new variants are based on the old ones, making it a snap for even amateur-hour hackers to tweak an old exploit and unleash it as new.

So now we have Petya, whose victims already include banks, airports, the metro in Kiev, and even Chernobyl radiation detectors. And this is only the beginning, as the malware is still very much in the wild.

The sad part is this exploit should have been prevented. Petya is based on the WannaCry ransomware attack, which goes after a hole in older versions of Windows. The U.S. National Security Agency (NSA) used this vulnerability for its own cyber-efforts — which a WikiLeaks data dump disclosed, offering hackers an easy-to-follow blueprint.

Smart end users and IT shops patch their systems, and in fact, Microsoft has a patch that plugs this hole. Unfortunately, all too many organizations fail to patch regularly and completely.

The reality is most successful exploits are against unpatched systems. Hackers love to take shortcuts, and the patching process offers a perfect opportunity, just as the NSA leak offered an architectural blueprint for how to exploit the Windows hole that Petya jumps through.

Here is what the Petya warning screen looks like.

Petya Will Really Make You WannaCry

Petya adds some sinister elements to what WannaCry offered. For one, Petya knows how to mine endpoints for passwords and uses these credentials to spread to other devices.

Petya can also be spread by taking advantage of machines with admin rights, similar to an elevation-of-privilege attack.

Three Ways to Avoid the Pain

Ransomware is serious stuff, but only if you haven’t taken these steps to protect your operation.

  1. Patch your computers. Patching is 100 percent essential, but it is not easy for organizations that rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all endpoints and servers.
  2. Maintain an antivirus and anti-malware solution. With proper security protection across all your systems, incursions such as WannaCry will be spotted, blocked, and purged. Like patching, an automated solution that installs and updates security across all of your systems is essential.
  3. Be smart about backup. Ransomware works by holding your data hostage. For those with no backup, an encrypted and locked hard drive is a disaster. If you have a current backup, it is only a nuisance. The best solution is an automated tool that backs up all of your systems to the cloud, where it remains safe until you need that data back.

With Kaseya VSA, all endpoints can be patched automatically and completely.

Cloud Backup to the Rescue

Cloud backup can automatically and regularly copy your files. And restoration is a snap, as this data is resting comfortably in the cloud just waiting for you to access it.

Kaseya has a cloud backup solution that is ideal for SMBs and managed service providers alike. Recently, Kaseya introduced Kaseya Cloud Backup, powered by Acronis. With Kaseya Cloud Backup, you can back up and recover every machine you manage on-premises or in the cloud – all from one place.

By leveraging the power of Kaseya VSA (which includes patch management and antivirus/anti-malware) with Kaseya Cloud Backup, you can quickly define backup policies by organization, machine group, or device type. Create as many policies as you need to simplify managing the backup requirements of the entire set of infrastructures under your control, and ensure you are meeting all compliance procedures. Changes in standard policy procedures can be applied to multiple machines and environments with a few simple clicks. In addition, you can create policies in VSA to restart failed backups automatically, shut down machines prior to backing up, and resolve many other problems that commonly occur during routine backup processes.

Posted by Doug Barney
Doug Barney was the founding editor of Redmond Magazine, Redmond Channel Partner, Redmond Developer News and Virtualization Review. Doug also served as Executive Editor of Network World, Editor in Chief of AmigaWorld, and Editor in Chief of Network Computing.
