With the rising number of online facilities come the risks and threats of falling prey to all types of malcode. Malcode is short for malicious code, or malware, the software from which the headache of viruses, worms, Trojans and bots emanates. The latest outcry is Petya ransomware, following WannaCry. So what is malware, how does it infect our computer systems and how can we stay on the safe side, if there is a safe side!
First, let’s look at each of the above mentioned types of malware briefly and understand how they function.
A computer virus is activated when an infected executable file (.exe) is run. An .exe file can be any software that is downloaded from the internet and run on your computer. Once that program is run, the virus spreads throughout your computer system. It can spread from one computer to another through the network, a removable device, sharing of files, or email attachments. Damage to data or software varies depending on the severity of the virus, which can also cause denial-of-service (DoS) conditions.
Computer worms are more dangerous than viruses and can cause serious damage to your system. This is because of their standalone nature: a worm does not rely on users sharing files, but replicates by itself. Worms can easily propagate through vulnerable systems or use some kind of social engineering to convince users into executing them.
Another harmful type of malware is the Trojan. This type of malware presents itself as legitimate software. Once it is downloaded and executed, it opens the doors to viruses. A Trojan may show itself as pop-ups or a changed desktop. Trojans can damage the host and steal your files and private information. However, unlike viruses and worms, Trojans do not self-replicate. They are spread through downloads of internet files, clicking on links and email attachments.
A “bot” (from the word robot) is an automated process that can also be controlled by a human operator. Gathering information is its main goal (web crawlers). Bots may also command and control an entire network and interact dynamically with websites, instant messaging (IM), or other web interfaces. A bot is a powerful extension of a worm, with the ability to crack passwords and gather data, launch denial-of-service attacks, send spam, and open back doors on the infected host. Bots have been known to exploit back doors opened by worms and viruses, which allows them to access networks that have good perimeter control. Bots rarely announce their presence with high scan rates, which would damage network infrastructure; instead they infect networks in a way that escapes immediate notice.
How to stay safe?
- Ensure that your Operating System (OS) is up to date
- Install antivirus software on your system and download updates frequently
- Do not click on unknown links
- Do not open email attachments from unknown sources, and use an antivirus scanner for your email
- Do not divulge confidential information especially on social networks
- Refrain from clicking on attractive pop-ups
- Change your passwords at least once in every 3 months
- Keep a backup of your important files so as not to lose your work
- Be wary of free products
- Avoid clicking on ads
Now for the big bang: Petya ransomware!
A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations.
Figure 1. Top 20 countries based on numbers of affected organizations
Similar to WannaCry, Petya uses the EternalBlue exploit as one of the means to propagate itself. However, it also uses classic SMB network spreading techniques, meaning that it can spread within organizations even if they’ve patched against EternalBlue.
Symantec has confirmed that MEDoc, a tax and accounting software package, is used for the initial insertion of Petya into corporate networks. MEDoc is widely used in Ukraine, indicating that organizations in that country were the primary target.
After gaining an initial foothold, Petya then uses a variety of methods to spread across corporate networks.
Am I protected from the Petya Ransomware?
Symantec Endpoint Protection (SEP) and Norton products proactively protect customers against attempts to spread Petya using Eternal Blue. SONAR behavior detection technology also proactively protects against Petya infections.
Symantec products using definitions version 20170627.009 also detect Petya components as Ransom.Petya.
What is Petya?
Petya has been in existence since 2016. It differs from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR).
In this latest attack, the following ransom note is displayed on infected computers, demanding that $300 in bitcoins be paid to recover files:
Figure 2. Ransom note displayed on computers infected with the Petya ransomware, demanding $300 in bitcoins
How does Petya spread and infect computers?
The MEDoc accounting software is used to drop and install Petya into organizations’ networks. Once in the network it uses two methods to spread.
One of the ways in which Petya propagates itself is by exploiting the MS17-010 vulnerability, also known as EternalBlue. It also spreads by acquiring user names and passwords and spreading across network shares.
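As an added defensive check (not part of the Symantec FAQ above), the following PowerShell audit reports whether a Windows host still offers the EternalBlue spreading path: SMBv1 enabled and no MS17-010 update visible. It assumes Windows 8 / Server 2012 or later (for Get-SmbServerConfiguration), an elevated shell, and uses the March 2017 KB numbers from the MS17-010 bulletin; later cumulative updates supersede those KBs, so “none found” is a prompt to verify patch level, not proof of exposure.

```powershell
# Added audit script, not from the original post: checks the two conditions
# that let Petya/WannaCry propagate via EternalBlue (MS17-010 over SMBv1).
# Assumes Windows 8 / Server 2012 or later, run as Administrator.

# Original March 2017 security updates carrying the MS17-010 fix (per the bulletin).
# Later cumulative updates supersede them, so an empty match means "verify", not "vulnerable".
$Ms17010Kbs = @('KB4012212','KB4012215','KB4012213','KB4012216',
                'KB4012214','KB4012217','KB4013429')

function Test-EternalBlueExposure {
    # SMBv1 is the protocol EternalBlue abuses; it is off by default on current Windows.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Look for any of the known MS17-010 hotfixes on this host.
    $installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Smb1Enabled   = $smb1
        Ms17010Hotfix = if ($installed) { $installed.HotFixID -join ',' } else { 'none found' }
        # Exposed only when the vulnerable protocol is on AND no fix is visible.
        Exposed       = ($smb1 -and -not $installed)
    }
}

$result = Test-EternalBlueExposure
$result | Format-List

if ($result.Smb1Enabled) {
    # Disabling SMBv1 removes the EternalBlue attack surface even on patched hosts
    # (defence in depth); it does not stop credential-based spreading over SMBv2/3.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Write-Output 'SMBv1 server disabled; a reboot may be required on some Windows versions.'
}
```

Because Petya also spread with harvested credentials over ordinary network shares, this check covers only the exploit path; least-privilege local accounts and unique local administrator passwords address the other.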
Who is impacted?
Petya is primarily impacting organizations in Europe.
Is this a targeted attack?
It’s unclear at this time, however, the initial infector is software used solely in Ukraine, indicating that organizations there were the initial targets.
Should I pay the ransom?
Symantec recommends that users do not pay the ransom, particularly as there is no evidence that files will be restored.
How secure are we online?
To answer the question: are we really safe if we continuously download the latest updates and take care not to let our mouse wander over the interface with curious clicks? The answer is no! None of us is completely, 100% safe!
“Complete security does not exist in any part of life and definitely does not exist on the Internet. But we must not be paranoid. Just as we know that when driving a vehicle the probability of an accident is lower if we follow the rules, we can be reasonably safe if we have taken appropriate measures prior to surfing the web: have software updated and use a dependable security solution for all devices like computers, tablets and Smartphones.” Luis Corrons