Petya ransomware is affecting users globally, here are things you can do

  • 1
    Share
Petya_ransomware_quick_heal

Quick Heal Security Labs has come across a new strain of Petya Ransomware that is affecting users globally. This clearly looks like early signs of a new ransomware attack that is spreading fast across the globe. Currently, we have seen multiple reports of this ransomware attack from several countries.

Our Analysis Shows

Petya delivery mechanism is by scam emails or phishing emails. Once the email attachment is executed on the computer it shows the prompt of User Access Control. However, after executing the program it encrypts the Master Boot Record (MBR) and replaces it with a custom boot loader with a code to encrypt the full disk starting with MFT (Master File Tree) and leaves a ransom note to users. Upon successfully encrypting the whole disk of the computer it shows below ransom prompt.

Petya ransom screen.

Fig 1. Petya ransom screen

Are we (Quick Heal users) protected from this ransomware?

All Quick Heal users are protected from this ransomware infection where an exploit called EternalBlue targets the security vulnerability MS17-010. This is the same vulnerability which WannaCry Ransomware has been exploiting to spread. Quick Heal IDS successfully blocks Eternal Blue exploit attempts. Quick Heal’s Behavior Based Detection (BDS) also blocks and warns user of a potential attack under way. Just make sure all the security mechanism of Quick Heal are switched ON.

Quick Heal Security Labs is continuously monitoring the threat and working on releasing updates to protect the threat at different layers. So please keep your Quick Heal up-to-date with all the current updates that are regularly released.

Preventive steps and recommendations

  1. Avoid clicking on links in email received from unknown sender
  2. Apply all Microsoft Windows patches including MS17-010 that patches the Eternal Blue Vulnerability
  3. Make sure your Quick Heal’s auto update is ON and is updated to latest.
  4. Ensure you take a backup of your data to some external disk regularly.
  5. Avoid login to computer with Administrative privileges. Work with user account that has standard user privileges and not administrative privileges. Click here to know more about this.

If a threat is executed in my computer, can I still prevent my data?

If by mistake someone executes the threat on an unprotected computer by clicking on the link in the email and downloading the attachment, and if you see a BSOD (blue screen) that restarts your computer, you can still save your data by not restarting the computer. Just keep it switched off.

When you see the BSOD screen and the system re-starts only the MBR is replaced and your data on the disk is still intact and it can be accessed by mounting the hard disk on some other clean system. Make sure you do not boot the infected computer hard disk at that stage. Once mounted the data can be accessed and copied.

Pradeep Kulkarni

Pradeep Kulkarni

You may also like...

ransomware attacks

Mitigating Ransomware Attacks: How to keep you and your family safe

How to Prevent Ransomware From Locking Your PC

Phishing emails contain ransomware

Phishing emails just got more dangerous! 93% of them contain ransomware

51 Comments

Your email address will not be published.

CAPTCHA Image

  1. Avatar Dr.K.N.BabuJune 29, 2017 at 2:36 AM

    socially beneficial to the society
    KEEP IT UP

    Reply
  2. Avatar jahun51@gmail.comJune 29, 2017 at 5:20 AM

    GOOD SERVICE

    Reply
  3. Avatar Dharmendra yadavJune 29, 2017 at 8:27 AM

    GOOD

    Reply
  4. Avatar PREMSHANKAR PATELJune 29, 2017 at 11:25 AM

    thankyou

    Reply
  5. Avatar KiranJune 29, 2017 at 11:50 AM

    plz update us regularly by describing the do’s and dont’s

    Reply
  6. Avatar m.k.maliJune 29, 2017 at 2:22 PM

    I know only virus and some of its effects. Hence to give any remarks is avoided. However u r doing the best for us (Quick Heal .. users) Thanks a lot With regards.. M.K.

    Reply
  7. Avatar gosher dineshJune 29, 2017 at 3:21 PM

    PL. FOLLOWS INSTRUCTION MADE BY QUICKHEAL TO WORK US SMOOTHLY.

    Reply
  8. Avatar ShailendraJune 29, 2017 at 3:37 PM

    Extremely Thanks For Suggesting…………

    Reply
  9. Avatar somenath mahapatraJuly 7, 2017 at 6:20 PM

    thanks for suggestion

    Reply
  10. Avatar Kevin patelJuly 7, 2017 at 7:15 PM

    His app is amazing

    Reply
  11. Avatar Kevin patelJuly 8, 2017 at 1:30 PM

    Good serious

    Reply
  12. Avatar Nagaraj.sJuly 9, 2017 at 6:16 PM

    Thank you so Mach

    Reply
  13. Avatar Dhruvik jaguwalaJuly 12, 2017 at 3:56 PM

    Mind-blowing…axelent…app…best ….

    Reply
  14. Avatar vinay kumarJuly 13, 2017 at 8:35 PM

    VERY GOOD PROGRAMME

    Reply
  15. Avatar Souvik MalikJuly 15, 2017 at 10:21 AM

    THANK YOU SIR.

    Reply
  16. Avatar Gaurav GoswamiJuly 16, 2017 at 6:33 PM

    wonderful

    Reply
  17. Avatar SUWALALJuly 17, 2017 at 8:39 AM

    SCAN ALL

    Reply
  18. Avatar deepak panchalJuly 17, 2017 at 8:12 PM

    Dear I want quick scan virus free

    Reply
  19. Avatar bachchu hatiJuly 18, 2017 at 12:52 PM

    So good

    Reply
  20. Avatar chinmya tripathyJuly 19, 2017 at 7:38 AM

    how do i update my quick heal total security

    Reply
  21. Avatar BABULAL DEORAJuly 19, 2017 at 2:43 PM

    GOOD

    Reply
  22. Avatar Ravi SinghJuly 19, 2017 at 9:40 PM

    very nice antivirs

    Reply
  23. Avatar SANJAY jadavJuly 21, 2017 at 4:13 PM

    One of the best using the provide the quick heal anti &security guard for Mobail

    Reply
  26. Avatar Samit Kumar MahataAugust 11, 2017 at 12:56 AM

    Very Good Update Sir

    Reply
  27. Avatar goesstefan26@gmail.comAugust 11, 2017 at 3:41 PM

    thank you………..

    Reply
  28. Avatar SUDIP GUHA ROYAugust 11, 2017 at 7:17 PM

    Use QUICK HEAL TOTAL SECURITY for PC, LAPTOP, DESKTOP,TAB, MOBILE any of it’s kind.

    Reply
  29. Avatar p.moitraAugust 12, 2017 at 6:56 AM

    Fruitful result obtained
    Thanks

    Reply
  30. Avatar Debabrata PradhanAugust 12, 2017 at 11:29 AM

    good service & high version alert

    Reply
  31. Avatar ayushAugust 13, 2017 at 9:21 AM

    Good anti virus

    Reply
  32. Avatar VeenaAugust 13, 2017 at 6:55 PM

    Nice service please update regularly

    Reply
  33. Avatar Surjendra SinghAugust 14, 2017 at 11:15 AM

    its good to work with quick heal

    Reply
  34. Avatar amzadhussain88@gmail.comAugust 14, 2017 at 12:34 PM

    Quick Heal is better than best !

    Reply
  35. Avatar vivekAugust 15, 2017 at 6:41 PM

    Wow…nice .
    Very good service

    Reply
  36. Avatar manoj cherianAugust 16, 2017 at 4:24 PM

    Good

    Reply
  37. Avatar Marutiappa Madhavrao RavankoleAugust 17, 2017 at 12:18 AM

    Thanks good service

    Reply
  38. Avatar RajeshAugust 17, 2017 at 5:39 PM

    Good security

    Reply
  39. Avatar chiragAugust 17, 2017 at 8:05 PM

    good service sar

    Reply
  40. Avatar 951995vikash@gmail.comAugust 18, 2017 at 9:09 AM

    I love it. Nice weekend in this thread for me.

    Reply
  41. Avatar GoutamAugust 19, 2017 at 12:05 PM

    Antivirus is very good

    Reply
  42. Avatar prince kumarAugust 19, 2017 at 12:25 PM

    Good apps

    Reply
  43. Avatar A K H SharmaAugust 19, 2017 at 7:41 PM

    I am using quickheal since last 11 years , services and security is improving up to satisfaction level.

    Reply
  44. Avatar padvi breetAugust 19, 2017 at 8:16 PM

    it was awesome and coool….i love it because its antitheft was nice because someone’s change my sim card its quickly block them.

    Reply
  46. Avatar Dagade RajaramAugust 20, 2017 at 11:05 AM

    Very good

    Reply
  47. Avatar Ravi Kumar GuptaAugust 20, 2017 at 6:36 PM

    Nice

    Reply
  48. Avatar Srawan kumarAugust 20, 2017 at 7:50 PM

    Good service for Mobile security

    Reply
  49. Avatar Shahil RaiJanuary 11, 2018 at 4:50 PM

    Nice app….LIKED IT !

    Reply
  50. Avatar Amit Kumar SinghJanuary 19, 2018 at 10:30 AM

    good

    Reply
  51. Avatar Rajat vermaJanuary 28, 2018 at 10:15 AM

    Good service

    Reply

This website uses cookies to ensure you get the best experience on our website. Learn more