28 June 2017

Petya ransomware is affecting users globally, here are things you can do

Written by Pradeep Kulkarni

Quick Heal Security Labs has come across a new strain of Petya ransomware that is affecting users globally. These clearly look like the early signs of a new ransomware attack that is spreading fast across the globe. So far we have seen multiple reports of this ransomware attack from several countries.

Our analysis shows:

Petya is delivered through scam or phishing emails. When the email attachment is executed on the computer, it shows a User Account Control prompt. Once the program runs, it encrypts the Master Boot Record (MBR) and replaces it with a custom boot loader containing code that encrypts the full disk, starting with the MFT (Master File Table), and leaves a ransom note for the user. After successfully encrypting the whole disk of the computer, it shows the ransom prompt below.

Fig 1. Petya ransom screen.

Are we (Seqrite users) protected from this ransomware?

All Seqrite EPS users are protected from this ransomware infection, in which an exploit called EternalBlue targets the security vulnerability MS17-010. This is the same vulnerability that WannaCry ransomware has been exploiting to spread. Seqrite IDS successfully blocks EternalBlue exploit attempts. Seqrite's Behavior Based Detection (BDS) also blocks the attack and warns the user of a potential attack under way. Just make sure all of Seqrite's security mechanisms are switched ON.

Quick Heal Security Labs is continuously monitoring the threat and working on releasing updates to protect against it at different layers. Please keep your Seqrite product up to date with all the updates that are regularly released.

Preventive steps and recommendations

  1. Avoid clicking on links in emails received from unknown senders.
  2. Apply all Microsoft Windows patches, including MS17-010, which patches the EternalBlue vulnerability.
  3. Make sure Seqrite's auto update is ON and the product is updated to the latest version.
  4. Ensure you regularly take a backup of your data to an external disk.
  5. Avoid logging in to the computer with administrative privileges. Work with a user account that has standard user privileges, not administrative privileges.

If the threat is executed on my computer, can I still save my data?

If someone mistakenly executes the threat on an unprotected computer by clicking on the link in the email and downloading the attachment, and you see a BSOD (blue screen) that restarts your computer, you can still save your data by not restarting the computer. Just keep it switched off. At the point where you see the BSOD and the system restarts, only the MBR has been replaced; your data on the disk is still intact and can be accessed by mounting the hard disk on another, clean system. Make sure you do not boot from the infected computer's hard disk at that stage. Once the disk is mounted, the data can be accessed and copied.
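A read-only triage sketch for the recovery step above, added here as an example and not Seqrite's own code: run on the clean system against an image of the affected disk, it parses the partition table in sector 0 and checks whether each NTFS partition's boot sector is still recognisable before any data is copied. The function names and the sample image are constructed for illustration; it assumes a classic MBR-partitioned disk with 512-byte sectors and makes no claim about what the replaced sector 0 contains.

```python
import io
import struct

SECTOR = 512
NTFS_TYPE = 0x07  # MBR partition type byte used for NTFS volumes

def parse_mbr(sector0: bytes):
    """Return (has_boot_signature, partitions) from the first disk sector."""
    if len(sector0) < SECTOR:
        raise ValueError("need a full 512-byte sector")
    has_sig = sector0[510:512] == b"\x55\xaa"
    parts = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        ptype = entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and sectors != 0:
            parts.append({"index": i, "type": ptype, "lba": lba_start})
    return has_sig, parts

def ntfs_boot_sector_ok(image, lba: int) -> bool:
    """True if the sector at `lba` carries the NTFS OEM ID and 0x55AA marker."""
    image.seek(lba * SECTOR)
    vbr = image.read(SECTOR)
    return (len(vbr) == SECTOR and vbr[3:11] == b"NTFS    "
            and vbr[510:512] == b"\x55\xaa")

def triage(image):
    """Read-only check of a disk image opened in binary mode."""
    image.seek(0)
    has_sig, parts = parse_mbr(image.read(SECTOR))
    report = []
    for p in parts:
        ok = p["type"] == NTFS_TYPE and ntfs_boot_sector_ok(image, p["lba"])
        report.append((p["index"], hex(p["type"]), p["lba"], ok))
    return has_sig, report

def build_sample_image():
    """Constructed sample: one NTFS partition at LBA 8, boot code zeroed."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0",
                               NTFS_TYPE, b"\0\0\0", 8, 32)
    mbr[510:512] = b"\x55\xaa"
    vbr = bytearray(SECTOR)
    vbr[3:11] = b"NTFS    "
    vbr[510:512] = b"\x55\xaa"
    return io.BytesIO(bytes(mbr) + bytes(SECTOR * 7) + bytes(vbr) + bytes(SECTOR * 31))

if __name__ == "__main__":
    print(triage(build_sample_image()))
```

Work on an image or a write-blocked device rather than the original disk, so the check itself cannot alter it.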

About Pradeep Kulkarni

Pradeep Kulkarni is leading the IPS team in Quick Heal Technologies Limited. Having worked in the IT security industry for over 11 years, he has worked on various...

1 Comment


  1. A.S.Sai Kumar
    June 29, 2017 at 2:46 PM

    Thanks for giving valuable information – Good / Excellent
