A variation of the Petya ransomware was launched as a global cyber attack on June 27th, 2017. It started affecting companies within Ukraine and was reported to have caused infections in other countries like the United States, the UK, Poland, Italy, Germany and France. This variant of Petya has a different mode of operation than the Petya ransomware that first hit in March and May last year. It targets a vulnerability of the protocol named Server Message Block of Windows termed, EternalBlue instead of propagating via infected PDF files as was the case in the initial version of Petya. Because of the differing mode of operation, experts have termed this version of the ransomware as NotPetya.
- Part 1: What is Petya Ransomware?
- Part 2: How to protect your Windows Computer from Attacks like Petya
- Part 3: How to Recover Files Deleted by Virus Attack
Part 1: What is Petya Ransomware?
Petya is the name given to a malware which acts as a ransomware and demands the payment of a specific amount in Bitcoin. It infects computers that run Windows Operating System and is usually propagated by a payload which is disguised in the form of a PDF file delivered to the computer as an email attachment. As a result of this malware, all of the documents on the infected computer become inaccessible as they are encrypted and can’t be accessed without the encryption key. This ransomware was first encountered in March 2016 and various other versions of it have been seen in May 2016 and most recently in June this year. Petya was successful in infecting a large number of companies in Ukraine and managed to affect numerous companies all over the world.
Petya strikes a resemblance to another ransomware that hit in May of 2017, WannaCry. The similarity between the two malware lies in the fact that both of them demanded ransom payments in the form of Bitcoin. Moreover, the NotPetya version and WannaCry both targeted EternalBlue vulnerability of the Windows Operating System. Although this two ransomware is quite similar, they have some differences as well. For instance, the WannaCry cyber attack was truly global in nature and affected computers all over the world while Petya was limited to a handful of European countries and the United States at best. In addition to this, Petya is considered by security experts as a much more dangerous type of ransomware than WannaCry.
Part 2: How to protect your Windows Computer from Attacks like Petya
In the wake of the attack like Petya, it has become increasingly important for computer users to know what they can do to protect their Windows-running PCs. The following are some of the measures that you can take in order to keep your computer safe from cyber attacks like Petya.
1. Back up your computer
Backing up the files on your computer is one of the best ways to ensure that you are not affected too much if a cyber attack such as Petya infects your system. With your files backed up on an external hard disk or the cloud, you would have no difficulty whatsoever in accessing the files that are currently inaccessible on your computer system thanks to the encryption caused by the ransomware. However, it is important that you backup your computer on a regular basis so that the latest versions of all your files are readily available to you.
2. Install protection programs
Another great means of stalling the progress of a malware and protecting your computer from its affects is installation of protection programs. These programs include anti-malware software, anti-virus programs and firewalls. Such protection software can help in notifying the threat posed by malware immediately and also safeguard the files stored on your computer from getting encrypted by the ransomware. It is also necessary to constantly update these programs too so that you have the most up-to-date protection from malware of all kinds.
3. Download patches
In the aftermath of cyber attacks such as WannaCry and Petya, Microsoft released patches that protected Windows users from the EternalBlue vulnerability that these ransomware targeted. These patches can help you from keeping your computer safe from these malware attacks. Most of the Window-run computers that are automatically updated have gotten this patch update by now. If you haven’t gotten this patch as of yet, you can download it from the Microsoft website as soon as possible.
4. Don’t click on anything suspicious
Most of the ransomware like Petya and WannaCry propagate through emails with suspicious attachments. Thus, it is a good idea not to click on any attachment which you find even the slightest bit suspicious. There are various red flags associated with such emails and you just need to be attentive enough to differentiate them from emails sent from authentic sources. In addition to this, you must refrain from visiting websites that are known for suspicious or illegal activity as well since they are breeding grounds for malware like WannaCry and Petya.
5. Protect yourself when using public Wi-Fi
Ransomware like Petya spread from one computer to another utilizing their shared network. Using a public Wi-Fi puts you in a similar position. In such instances, your computer is visible to everyone using the same Wi-Fi and is thus in danger of getting infected by malware. To protect your computer when utilizing a public Wi-Fi, it is in your best interest to make use of a VPN or a Virtual Private Network. While it won’t stop a malware, a VPN could help by hiding your computer from others on the public network, thus preventing you from being attacked by ransomware.
Part 3: How to Recover Files Deleted by Virus Attack
Virus attacks can make files on your computer inaccessible by encrypting them and might even delete them altogether. If your files deleted by virus attack, you can use a readily available data recovery software to help you recover originally deleted files. We highly recommended Wondershare Data Recovery software to help you get your files back, this recovery software is available for a free download and can be used for recovering files on both Windows-run PCs as well as Macs running Mac OSX. Follow the next simple steps to perform deleted file recovery.
- Recover lost or deleted files, photos, audio, music, emails from any storage device effectively, safely and completely.
- Supports data recovery from recycle bin, hard drive, memory card, flash drive, digital camera and camcorders.
- Supports to recover data for sudden deletion, formatting, hard drive corruption, virus attack, system crash under different situations.
- Preview before recovery allows you to make a selective recovery.
- Supported OS: Windows 10/8/7/XP/Vista, Mac OS X (Mac OS X 10.6, 10.7 and 10.8, 10.9, 10.10 Yosemite, 10.10, 10.11 El Capitan, 10.12 Sierra) on iMac, MacBook, Mac Pro etc.
Step 1: Select the file type you want to recover
What the type of files deleted by virus attack, you can select the specific file type such photo, video, music, Email,document and others. Or you can select the option "All File Types" to start.
Step 2: Select the location to scanning files
Make sure you remember where your files deleted by virus attack. You should go to select the option "Whole Computer" and click on the "Start" button to start scanning deleted files.
Step 3: Recover deleted files by virus attack
After deep scanning, these data recovery application will recover the deleted files by virus attack. You can simple previewe the recovered files, and click on the "Recover" button to get your files back.
Ransomware like Petya can prove to be quite damaging for the computer system. They can encrypt or delete important files and demand ransom to get back access to these files. By taking the proper safety measures, you can safeguard your Windows PC from malware attacks like Petya. However, data recovery software can not guarantee that any situation can be 100% recovery. Keep your data safe you should go to backup your data timely, it can effectively prevent data loss.
