Whilst WannaCry is in the rear-view mirror for most of us, there’s a new threat looming over the horizon called Petya. Well, technically it’s called NotPetya, but it is Petya. It’s a sequel. Bear with me.
The virus is thought to be a variant of a previous ransomware called Petya, which was created using stolen NSA tools. You might remember that this is how WannaCry started life as well. The name is a little confusing. If it were up to me I’d have called it ‘Petya 2: Return of the Petya’ or ‘Petya 2: Pet Harder’. That would have been both clearer and way cooler.
NotPetya, or Petya II or whatever we’re calling it, first infects a machine and then locks it down before requesting a mere $300 ransom to get back to normality. This morning the bitcoin wallet associated with the attack had the equivalent of £7,000, or about 40 transactions, inside it. Given the number of machines infected, that really doesn’t seem like much.
Early rumours suggest that NotPetya was created to do more than collect money, and may have been about political disruption. This is made credible by the fact that the inbox in which victims are meant to pay their ransom has now been closed by the operator.
With only 40 ransoms paid it’s clear that most people can’t or didn’t pay up. So, if you’re unlucky enough to be hit by this ransomware, or the next incarnation (hackers: can I please suggest ‘P3TYA’?), is there ever a reason to pay up?
Paul Harris, MD of Secarma, doesn’t think a ransom should ever be paid. He said: “You’re dealing with criminals, so there’s no guarantee that they’ll give you the decryption key after payment. If you do give them the ransom, you’ve also demonstrated your propensity to pay, so they’re more likely to come back.”
Petya – Another Global Ransomware Attack
If you’d like to know more about how NotPetya works, read a deep-dive into the inner workings by Secarma, UKFast’s Cybersecurity Consultancy.
Ransomware is still relatively new, and you might feel like you’re all alone if you get hit by the virus, but it is a criminal matter and there are people you can call. Paul said: “If you’re hit with ransomware, report it to Action Control in the UK, report it to the European Cybercrime Commission, the police, but don’t pay, because you’re dealing with a criminal – you don’t want to fund criminal terrorist activity.”
In principle it’s easy to take the high ground, but when it’s your own business in jeopardy, the idea of secretly paying up might start to look more attractive. The decision might be a difficult one. It’s a situation which Paul sympathises with. He said: “If nobody ever paid ransomware, criminals would get bored and they’d try something else. It’s a hard decision to make, it’s a bit more personal if it’s your business and the choice is to go under or pay up”.
Even at the time of writing, there are already fixes and preventions being rolled out for NotPetya which enable those who’ve been attacked to reverse the problem. Whilst it might be increasingly tempting to gamble on getting back your data by paying up, those who have managed to wait out the ransom have been rewarded with the release of a fix.
Of course, the best action you can take against ransomware is a great defence. If you’re not already hit by ransomware or have recovered from a previous attack then now is the time to get serious about prevention. Paul concluded: “Make sure you have backups regularly, and a method of reinstating those back-ups. Everything that you need to do is in advance of being hit by ransomware.”