NotPetya: Yet Another Ransomware Outbreak

The WannaCry ransomware virus has become a distant memory for many. For some, WannaCry and its variants came and went without doing damage. Others weren’t so lucky. What we are learning (once again) is how critical it is to be prepared for a ransomware outbreak. The ransomware threat is ongoing and is not leaving the scene of the cybercrime anytime soon, as underscored by the latest malware to hit unprotected computer environments and make headlines: NotPetya.

The NotPetya ransomware outbreak appears to have started in Eastern Europe and is spreading west. From what we know at this time, a Ukrainian accounting software application is the suspected source; NotPetya was apparently hidden in a software update. As you might expect, NotPetya was named after the Petya ransomware because it masquerades as that ransomware.

What about that ransom?

The NotPetya ransom payment mechanism has been disabled; that is, the email ID associated with the cybercriminal’s Bitcoin account was blocked by the email ID’s provider, according to a source. In other words, there is no way to pay even if you want to. At this point in the outbreak, the purpose of this malicious virus is to attack systems quickly and cause as much damage as possible.

NotPetya is considered more dangerous than the WannaCry virus, which was so devastating because it paralyzed infected computers and then caused application failures for systems that had a dependency on Windows operating systems. Hundreds of victims paid various amounts of ransom in Bitcoin in exchange for a decryption key. If there was anything good about WannaCry, it was that it warned IT admins and others to keep their Windows operating systems up to date with the latest patches.

So, what’s the point?

It’s important to remember that cybercriminals who seek to infect systems with ransomware or spread any other form of malware are criminals; cybercriminals to be sure, but criminals just the same, who might have no other purpose than to cause damage. In the case of NotPetya, this ransomware spreads more effectively than WannaCry and not only encrypts data but also extracts credentials to other machines and systems.

Similar to the WannaCry virus, the purpose of NotPetya is to infect Windows 10 computers. Fortunately, the Windows 10 Credential Guard spots NotPetya’s password extraction from memory. Ransomware running in the Windows 10 operating system with administrative privileges cannot extract credentials. Read more about Windows 10 Credential Guard.

Mozy can help you defend against ransomware

Mozy by Dell can help you protect your environment from the NotPetya ransomware. Here’s how:

   •     Immutable copy: Mozy uses proprietary encryption and encoding mechanisms to store backups, which prevents any execution of code within files that have been backed up. Mozy backups are entirely separate from your computer.
   •     Point-in-time backup and restore: Mozy uses file versioning, allowing the end user or administrator to restore the entire backed-up data set or individual files and folders from any point in time: up to seven years for MozyPro and MozyEnterprise, and 90 days for MozyHome. This allows you to easily go back to a healthy version of your files.
   •     Automatic backups: Mozy provides automatic backups as frequently as every two hours, providing highly granular point-in-time backups to recover from.
   •     Self-service restore: Mozy gives end users the ability to perform their own restores from the Mozy agent or the Web Access interface.

Avoid a ransomware disaster

To learn how you can use Mozy as a second line of defense for your data and to prevent a ransomware disaster, visit Mozy by Dell.

Other Mozy blogs about ransomware

For more information about ransomware and what you can do to increase your defenses:

   •     Educate your users and yourself
   •     Take a multi-layered approach to protection
   •     WannaCry? You will if you don’t back up