Petya ransomware have been detected mainly in business environments. Petya spreads via the Remote Desktop Protocol (RDP) and/or Server Message Block (SMB) protocols which allow PCs and other devices to ‘talk’ to each other across a network.
Many anti-viruses provide protection against known variants of Petya.
Infected PC might display the following message on screen:
Repairing file system on C:
The type of the file system is NTFS.
One of your disks contains errors and needs to be repaired. This process may take several hours to complete. It is strongly recommended to let it complete.
WARNING: DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOUR DATA! PLEASE ENSURE THAT YOUR POWER CABLE IS PLUGGED IN!
CHKDSK is repairing sector xxxxx of xxxxxxxx (x%)
- Data on affected systems is encrypted, and the PC prompts for a reboot.
- After reboot, a ransom screen similar to the following is displayed:
- File extensions that are know to be affected by the encryptionare:
.3ds, .7z, .accdb, .ai, .asp, .aspx, .avhd, .back, .bak, .c, .cfg, .conf, .cpp, .cs, .ctl, .dbf, .disk, .djvu, .doc, .docx, .dwg, .eml, .fdb, .gz, .h, .hdd, .kdbx, .mail, .mdb, .msg, .nrg, .ora, .ost, .ova, .ovf, .pdf, .php, .pmf, .ppt, .pptx, .pst, .pvi, .py, .pyc, .rar, .rtf, .sln, .sql, .tar, .vbox, .vbs, .vcb, .vdi, .vfd, .vmc, .vmdk, .vmsd, .vmx, .vsdx, .vsv, .work, .xls, .xlsx, .xvd, .zip
What you should do:
- Update your Internet security software
New viruses and threats appear all the time, so it is important to keep your security software up-to-date. Mostly anti-viruses are designed to ‘auto update’ to ensure that you always have the latest protection, but you can verify your software is up-to-date at any time.
- Apply Microsoft Windows security updates
Ensure that your Windows operating system is fully up-do-date:
- Click the Start button on the bottom left of your Windows desktop.
- In the search box:
- Type Windows update.
- Press ENTER.
- Click Check for updates.
- Follow the prompts. Windows will download and apply any important updates.
How can you avoid becoming a victim of ransomware?
- Think before you click. If you receive an email that contains an attachment, think twice before clicking on it. If you were not expecting it or it looks suspicious, delete it, even if it appears to come from someone you know. You can always ask them to send it again if it is legitimate.
- Back up your files. Always make sure your files are backed up. That way, if they become compromised in a ransomware attack, you can wipe your disk drive clean and restore your data from the backup. Remember, backups can also get infected, so you should disconnect your backup drives from your PC when possible to prevent this from happening.
- Update your PC and devices. Ensure that your PC’s operating system is up-to-date. Software updates and ‘patches’ contain security improvements that help to secure your PC and make it more difficult for ransomware and viruses to infect it.
No More Ransom aims to help victims of ransomware retrieve their encrypted data without having to pay the criminals. For more advice call us tollfree +1-800-742-9005.