According to Sharda Tickoo, Technical Head, Trend Micro India said, “In India, so far we have no cases of Petya that have been reported to us. The countries most affected are Europe, typically Ukraine and Russia. We would recommend the companies to maintain an important hygiene of updating systems with the latest patches, or consider using virtual patching in their absence. Take regular back-up of necessary data and proactively monitor the systems for any suspicious activity. And most importantly, because it is a ransomware, we have to secure the email gateway first. There are also certain URL categorizations that should be employed in work environment which can block access to malicious websites. Ensure that all the workstations have least privilege unless any workstation actually requires administrator privilege, as the ransomware spreads and tries to escalate the privileges. As it uses certain administrative tools like power shell, ensure that these utilities are restricted to administrators.” Pointing out the similarities and differences between other ransomware,she further added, “There are a lot of similarities that are being drawn between Petya and WannaCry. WannaCry was a very basic form of ransomware attack and it used worm like techniques. Petya seems to be a thorough ransomware which uses different modalities. It is using EternalBlue vulnerability. It leverages multiple infection vectors not just one. The Petya ransomware modifies the Master Boot Record (MBR) and encrypts the system files. Once the MBR is modified by this ransomware, the system displays the ransom note instead of a black or blue screen. While the normal ransomware does not touch the MBR, but encrypts files and asks for ransom. The Petya ransomware is a combination of a wiper and a ransomware, because it wipes the MBR.”
