Photo: Sergey Zolkin
A fast-moving, international computer virus called Petya is taking down corporate networks that run mainly on Microsoft Windows software. It has already hit most of the government applications of Ukraine as well as major companies in Europe including advertising agency WPP and law firm DLA Piper.
What does Petya look like?
Users logged into their computers only to see this come up on their screens.
[Embedded tweet: Security Response (@threatintel), June 27, 2017]
Where and what is Petya?
The Petya virus is the second major international virus to hit computer networks in a month, following WannaCry. It has spread rapidly to U.S. companies, according to reports.
We have confirmed U.S. cases of Petya ransomware outbreak https://t.co/SFjFE9yILX
— Chris Bing (@Bing_Chris) June 27, 2017
How does Petya work?
The Petya virus is a kind of “ransomware,” which works like a technological mugging: hackers take over computers and demand payment to let them go.
Petya has existed in one form or another since 2016 but it is spreading faster now. Computer viruses, just like biological ones, replicate and have “strains,” and it’s possible that Petya is a tougher strain of ransomware than previous viruses were.
As The Verge describes it, the Petya virus takes over a computer and demands $300 in payment. The hackers require the payment in Bitcoin, and then demand that users email them proof of payment to the chosen Bitcoin “wallet.” Multiple outlets report that the virus has already earned a modest amount for the hackers: the blockchain records showed 20 transactions to the target wallet, totaling nearly $5,000.
Why is Petya such a big problem?
The virus is a nightmare for companies because their network administrators have to spend time figuring out how to get their computers back online while waiting for a fix, or “patch,” from Microsoft. While many companies patched their systems at the time of the WannaCry virus last month, clearly it wasn’t enough.
Even at the time of WannaCry, not enough companies were prepared with patches. When writing about WannaCry, Wired wrote, “it appears that many companies have put off a patch despite the clear and potentially devastating threat of a similar ransomware spread. These systems apparently remain vulnerable even after Microsoft released multiple patches for legacy systems, like Windows XP, that the company no longer supports.”
Can Petya be prevented or stopped?
Unlike WannaCry, this strain of Petya reportedly has no kill switch function, so it’s unclear if it can be stopped yet. Worse, malware analyst Vyacheslav Zakorzhevsky said that this strain is a new ransomware that security experts like him haven’t encountered.
An adviser to Ukraine’s interior minister told Reuters that the Petya virus got into computer systems through “phishing” emails that were written to trick employees into opening them. If that’s the case, be sensible. Don’t click on links and attachments or download files from suspicious senders. Never use public Wi-Fi for business and be wary of shortened links.
To prevent Petya-like ransomware attacks in general, employees should have their automatic software updates on and should avoid using outdated operating systems. If you find yourself on an old Windows computer, you should immediately install Microsoft’s emergency patch MS17-010.
–reporting contributed by Heidi N. Moore