There’s no honour among thieves, as a group of attackers has hijacked the Petya ransomware and use it in targeted attacks against companies without the program creators’ knowledge.
A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab. Matt Kingswood, UK Head of Managed Service Provider at IT Specialists commented below.
Matt Kingswood, UK Head of Managed Service Provider at IT Specialists:
“The news story on the new variant of the Petya ransomware – dubbed PetrWrap – exposes just how complex and well evolved cyber threats have become.
Researchers from Kaspersky have documented that “the group behind PetrWrap created a special module that patches the original Petya ransomware ‘on the fly’”.
While Kaspersky has a signature for this ransomware already, other AV providers are sure to follow soon.
Although there are a range of best practices to reduce the risk of a ransomware infection (such as installing an anti-virus scanner, utilising intrusion detection services, applying updates as soon as possible and avoiding unsolicited email attachments), there is no failsafe method for preventing ransomware.
The best way to prepare for an attack is to back up data regularly to the cloud. Secure cloud-to-cloud backup solutions create another, encrypted version of your data and maintain prior versions ‒ in the case of a ransomware attack, the versions before the attack. And, of course, this second copy has the added benefit of preventing data loss via accidental deletion.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.