The Petya extortion malware that is making the whole world "crazy" has been assessed as probably more dangerous than WannaCry. Bkav recommends that system administrators thoroughly scan their servers, because with WMIC and PSEXEC the malicious code can easily spread from one server to every system in the same domain.
According to Bkav experts, the Petya malware is spreading rapidly through a Windows SMBv1 vulnerability, similar to the way the WannaCry ransomware infects machines. More dangerously, this malicious code also makes use of the WMIC and PSEXEC tools to spread to other computers in the network. (Image Source: WhiteHat.vn)
In a report released today, June 28, 1974, on the large-scale cyberattack that hit the world on June 27, Bkav said that while the WannaCry attacks have not yet ended, another piece of malicious code is making the world "crazy". This malware is a variant of Petya, called Petrwrap, and it has paralyzed many banks, airports, ATMs and some large European businesses.
Bkav also said that Petya is an "extremely annoying" ransomware and unlike any other extortion malware. Petya does not encrypt files on a target system one by one. Instead, the malicious code restarts the victim's machine, encrypts the master file table (MFT) of the hard drive and causes the Master Boot Record (MBR) to stop working. This restricts access to the entire system by seizing the information about file names, sizes and locations on the physical disk. The Petya ransomware replaces the computer's MBR with its own malicious code, displays a ransom message, and leaves the computer unable to boot.
Chart showing the amount hackers have collected from victims of the Petya extortion malware (Image Source: Bitinfocharts)
So far, 35 ransom transactions have been made, with a total amount of nearly $9,000. However, because most users have learned that paying the ransom does not lead to recovery, no additional payments have been made since 9:30 this morning.
Talking to ICTnews, a Bkav representative said that so far this new type of malicious code has spread mainly in Eastern European countries. Bkav's monitoring system is still carrying out its review, and there is no specific information yet on the number of PCs in Vietnam infected with the Petya extortion malware.
To prevent the risk of malicious attacks, Bkav experts recommend that users back up their data regularly, update patches for the operating system, and only open text files received from the Internet in the isolated Safe Run environment.
Users also need to keep antivirus software permanently installed on their computers so that they are protected automatically. Users of Bkav Pro or Bkav Endpoint are protected against this type of malware.
Specifically, for system administrators, Bkav experts recommend reviewing server systems carefully, because with WMIC and PSEXEC the malicious code can easily infect the entire server system from a single machine in the same domain.
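One way to start the server review recommended above is to search exported Windows event records for traces of PSEXEC and remote WMIC use. The sketch below is an added example, not Bkav's tooling. It assumes the events have been exported as records with hypothetical field names (`host`, `event_id`, `service_name`, `image_path`, `command_line`), and it relies on the standard Windows event IDs 7045 (service installed) and 4688 (process created) and on PsExec's default service name, PSEXESVC. The sample records are constructed.

```python
import re

# Constructed sample records (not from a real incident), shaped like exported
# Windows event data: 7045 = service installed, 4688 = process created.
SAMPLE_EVENTS = [
    {"host": "SRV-01", "event_id": 7045, "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"host": "SRV-02", "event_id": 4688, "user": "CORP\\admin1",
     "command_line": r"wmic.exe /node:10.0.0.12 process call create notepad.exe"},
    {"host": "SRV-02", "event_id": 4688, "user": "CORP\\svc_inv",
     "command_line": "wmic.exe os get caption"},
    {"host": "WS-07", "event_id": 4688, "user": "CORP\\admin1",
     "command_line": r"C:\Tools\PsExec.exe \\SRV-03 -s cmd.exe"},
    {"host": "SRV-03", "event_id": 7045, "service_name": "Backup Agent",
     "image_path": r"C:\Program Files\Backup\agent.exe"},
]

# Remote WMIC execution: a /node: target combined with "process call create".
WMIC_REMOTE = re.compile(r"\bwmic(\.exe)?\b.*?/node:\s*\S+.*\bprocess\s+call\s+create\b", re.I)
# PsExec client launched against a UNC target (\\host).
PSEXEC_CLIENT = re.compile(r"\bpsexec(64)?(\.exe)?\b.*\\\\[\w.\-]+", re.I)

def classify(event):
    """Return a finding label for one event, or None if it looks unrelated."""
    if event["event_id"] == 7045:
        blob = (event.get("service_name", "") + " " + event.get("image_path", "")).lower()
        if "psexesvc" in blob:
            return "psexec-service-installed"
    elif event["event_id"] == 4688:
        cmd = event.get("command_line", "")
        if WMIC_REMOTE.search(cmd):
            return "wmic-remote-process-create"
        if PSEXEC_CLIENT.search(cmd):
            return "psexec-client-run"
    return None

def review(events):
    """Group findings per host so an administrator can see where to look first."""
    findings = {}
    for ev in events:
        label = classify(ev)
        if label:
            findings.setdefault(ev["host"], []).append(label)
    return findings

if __name__ == "__main__":
    for host, labels in sorted(review(SAMPLE_EVENTS).items()):
        print(host, ", ".join(labels))
```

Administrators use both tools legitimately, so a hit is a lead to check against known maintenance activity, not proof of infection.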