CDSA

IBM: 6 Ways Businesses Can Protect Against Ransomware Like Petya (Forbes)

[svg-table-content]

On June 27, organizations in over 65 countries reported they had been infected with Petya ransomware. Petya ransomware was first discovered in March 2016, and like most malware, it was primarily spread via email phishing attacks. After a user was infected, the ransomware would encrypt data files on the systems and hold them hostage in exchange for a ransom payment. Once the ransom was paid, the attackers would typically (but not always) provide the decryption key so that users could restore their files. This ransomware is still in the wild, and users can still fall victim.

Notably, however, the initial Petya ransomware is very different from the Petya variant that was released in June 2017. This new Petya variant is not truly ransomware. Instead, it’s wiper malware disguised as ransomware. The wiper malware does not hold data hostage in exchange for a ransom; it’s sole purpose is to destroy data and corrupt systems. There have been no new reports of this Petya variant following June 27, but this and similar types of malware can (and will likely) spread at some point in the future.