Everything you need to know about ransomware including the latest Petya attack, how to protect your PCs and laptops and what to do if you’re affected.
Following the WannaCry attack in May, there’s a new ransomware spreading across the world: Petya. Ransomware stops you from accessing any files on the ‘infected’ computer until you pay the ransom. Here we explain what you need to do to protect your precious data.
As with WannaCry, it’s businesses that are suffering the most from this latest attack, seemingly having failed to install the necessary patches to fix the vulnerability — the same one Petya is using now.
The new ransomware is being called NotPetya or GoldenEye. That’s because Petya was first seen in 2016, but it appears to have been re-released with better encryption and — according to reports — none of the flaws that allowed WannaCry to be halted in its tracks.
It’s a malicious program that’s like a computer virus. It’s designed to scan your hard drives and encrypt as many files as it can so you can’t access them. The files are still there and you have to pay a sum — the ransom — in order to get your files back. This is usually done via Bitcoin, as it’s anonymous.
Sometimes the hackers have to intervene manually to decrypt your files once you’ve paid. But since you’re dealing with criminals, there’s no reason to think they will do what they promise. So most experts recommend you don’t pay.
As we explain below, WannaCry was stopped but the group responsible for leaking the vulnerabilities — Shadow Brokers — had already said it would leak more in June. A Reuters report outlines the blog post from the group which says it is “setting up a monthly data dump” that it will sell to anyone willing to pay.
It says that the exploits will enable criminals to code malware that will break into web browsers, phones, routers and Windows 10 systems. However, you can use our tips below to help keep your computers and files safe.
Like a lot of malware, it can arrive as an email attachment. This method relies on computer users opening the attachment, or clicking on a link in an email, which causes the program to run.
People often open these attachments or click links out of curiosity, because the sender is someone in their address book. So the best advice is not to open anything you don’t completely trust.
Petya then encrypts all the files and documents on the computer so the user cannot open them.
Some people say that it encrypts only the first 1MB of data in each file, which could allow most data to be recovered from large files.
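If that report is accurate, an affected file would have a random-looking first 1MB followed by untouched data. The Python sketch below is an added example, not part of the original article or any vendor tool: it compares the byte entropy of the first 1MB with the rest of a file to flag that pattern. The function names, the 7.5 and 7.0 bit thresholds and the sample files are assumptions constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter

HEAD_SIZE = 1024 * 1024  # the "first 1MB" figure reported in the article

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, lower for plain data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def triage_file(path, head_size=HEAD_SIZE, high=7.5, low=7.0):
    """Compare entropy of the head with the rest; thresholds are assumptions."""
    with open(path, "rb") as fh:
        head = fh.read(head_size)
        tail = fh.read()  # fine for a sample; stream this for very large files
    h_head, h_tail = shannon_entropy(head), shannon_entropy(tail)
    if h_head < high:
        verdict = "head-not-encrypted"
    elif tail and h_tail < low:
        verdict = "partial-tail-intact"  # data after the first 1MB looks untouched
    else:
        verdict = "fully-high-entropy"  # no tail, encrypted throughout, or compressed
    return {"verdict": verdict, "head": round(h_head, 2), "tail": round(h_tail, 2)}

def demo():
    """Triage constructed sample files; no real malware or victim data involved."""
    text = b"Quarterly report, row after row of ordinary plain text.\n" * 40000
    samples = {
        "clean.txt": text,
        # Constructed stand-in for a partly encrypted file: random head, plain tail.
        "partial.txt": os.urandom(HEAD_SIZE) + text[HEAD_SIZE:],
        "small.bin": os.urandom(4096),  # smaller than 1MB, so there is no tail
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, blob in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(blob)
            results[name] = triage_file(path)
    return results

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Compressed formats such as ZIP or JPEG are high-entropy throughout even when healthy, so a "fully-high-entropy" verdict on its own does not mean a file was encrypted.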
In general, home users should not be affected by this particular piece of ransomware. It exploits the same ‘EternalBlue’ vulnerability as WannaCry. Microsoft issued a patch for all versions of Windows which were supported at the time back in March 2017.
Since Windows defaults to installing updates automatically, the patch should already be installed. The security update would have protected Windows Vista, Windows 7 and Windows 8.1 systems which had automatic updates turned on.
If your computer runs Windows 10, it should be protected, too.
The EternalBlue vulnerability relates to computers running the business version of Windows, specifically those using the SMB network file system. This is why we’re hearing that companies such as Merck and Maersk have been hit by this new wave.
At the time of the WannaCry attack only older versions of Windows which are no longer supported were vulnerable, including Windows XP and Windows 8.
Microsoft issued a security patch for Windows XP and Windows 8 – a very unusual step for unsupported operating systems – which you can download from the links on Microsoft’s blog.
You can check if your computer has the necessary patch installed using this free tool which you can download from our German sister site PCWelt (the tool is in English).
If you have Windows Update enabled on other versions then you will already be protected against WannaCry, NotPetya and any other attacks which use the same vulnerability.
If you’re not sure, then open the Control Panel (you’ll find a link in the Start menu) and search for Windows Update. Click through to Windows Update and you’ll be able to check if it’s enabled or not.
There should be a button ‘Check for updates’ which you can click to force Windows to search and install critical updates.
But don’t stop there and assume you’re safe. Follow our advice to keep your files safe from ransomware.
The best protection is to have at least one (if not two) copies of any files you can’t afford to lose. Photos, home videos, financial documents and other files that can’t be replaced should be backed up regularly.
Ransomware is often clever enough to scan your home network and infect other computers and even network storage drives (NAS drives) so it’s really important to make a backup on a USB stick or external hard drive that you disconnect and keep safely somewhere.
You can find our pick of the best backup software here.
You, as the computer user, are often the weak link in the chain. Windows and antivirus software – see below – can help to protect you from ransomware attacks, but you can help yourself by being extremely cautious about which email attachments you open and which links you click.
Typically, emails from hackers won’t contain a personal message, or it will be so generic that you can’t be sure it’s really from the person in the ‘sender’ field.
In WannaCry’s case, at least some of the emails pretended to be an important email from a bank about a money transfer.
Either just delete the email, or call the sender and ask them if they sent the email and what is in the attachment, or on the other end of the link. Unless you are absolutely sure the attachment is safe, don’t click on it.
Most but not all antivirus software now contains ‘anti-ransomware’ that should help protect your PCs and laptops from WannaCry and other ransomware.
That’s why it’s important not to rely just on Windows’ own security but to add an extra layer of protection.
Check out our list of the best antivirus to make sure you’re running one of our recommended packages. Our favourite is BitDefender, but there are plenty of other great options to choose from too.