Only last month WannaCry ransomware turned out to be quite a headache for everyone all over the world. At the time, Microsoft was forced to release updates even for the long dead Windows XP operating system. And now another much more harmful ransomware called PetyaWrap has been spotted. Almost all the security researchers from the different security software vendors are calling this much worse than the WannaCry ransomware.
PetyaWrap ransomware is also called Petya, GoldenEye, and WannaCry2 for many different reasons. It is called Petya because it resembles Petya ransomware which encrypts your disk to the sector level. It is called GoldenEye because it also has a code that, just like GoldenEye ransomware, it encrypts your files. And it is being called WannaCry2 because it uses the same vulnerability (EternalBlue) that was used by WannaCry ransomware.
So here are some of the steps you can take to stay protected against the PetyaWrap ransomware –
- Keep Windows up-to-date : PetyaWrap uses the vulnerabilities like EternalBlue and you can stop it by simply installing all the patches released by Microsoft. To install all the updates, you should enable the Automatic Updates in Windows. You can enable the automatic updates simply by running the Windows Update Minitool. This tool works for all the versions of Windows.
- Do not use administrator accounts in Windows : PetyaWrap uses administrator level access to carry out some of its tasks. For example, it uses PsExec to run commands in other systems on a network. This requires PsExec to be elevated (run with administrator level access).
- Install a good antivirus solution and keep it updated : At this time, the antivirus software solutions from reputed vendors like BitDefender, ESET, Avast, Symantec, McAfee have already included the PetyaWrap ransomware in their definitions and cand detect/block it before it can cause any damage or infect your PC. You simply have to install any of these and keep them up-to-date.
- Use Macrium Reflect to image your hard drive : PetyaWrap can encrypt your entire hard drive. This means you won’t be able to boot into Windows. But if you have an image of your hard drive saved earlier using Macrium Reflect software (it is free), you can restore your hard drive just as it was before the ransomware attack. You should create a bootable USB drive for Macrium Reflect so that you can boot using it and restore the hard drive image.
Another important thing about PetyaWrap that security researchers have noticed is that the ransom payment system could be flawed and might not work. This means that once your hard drive is encrypted, it could possibly be not decrypted even after a payment is made. Therefore, you should follow the above mentioned steps to protect your computer systems and hope for the best.