
How To Protect Yourself Against Petya Ransomware

The most recent large-scale attack is a variant of the Petya ransomware. As of this writing, it appears that a new variant of Petya has been released with EternalBlue exploit code built in, the same exploit WannaCry utilised to propagate around organisations.

Petya is a different kind of ransomware from WannaCry. It is commonly delivered via phishing emails or scams, and the payload requires local administrator access.

Prevention Tip #1: The malware requires administrator rights on the local computer. Standard users should not have this permission. Consider restricting who has local admin rights to prevent execution of exploit code within organisations. Home users should also consider using a Standard User Account for day-to-day operations.
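
One way to check Prevention Tip #1 on a Windows machine is to list who actually holds local administrator rights and compare that against an approved list. The PowerShell script below is an added example, not part of the original article; the $AllowedAdmins parameter and its sample values are assumptions to replace with your own approved accounts.

```powershell
# Added example: audit membership of the local Administrators group.
# $AllowedAdmins is a hypothetical allow-list; the default values are constructed samples.
param(
    [string[]]$AllowedAdmins = @('Administrator', 'Domain Admins')
)

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup works regardless of the OS display language.
$members = Get-LocalGroupMember -SID 'S-1-5-32-544'

$report = foreach ($m in $members) {
    # Name looks like 'MACHINE\user' or 'DOMAIN\group'; compare on the part after the backslash.
    $short = ($m.Name -split '\\')[-1]
    [pscustomobject]@{
        Name            = $m.Name
        ObjectClass     = $m.ObjectClass       # User or Group
        PrincipalSource = $m.PrincipalSource   # Local, ActiveDirectory, ...
        Approved        = $AllowedAdmins -contains $short
    }
}

$report | Format-Table -AutoSize

# Flag every member that is not on the allow-list.
$unexpected = @($report | Where-Object { -not $_.Approved })
if ($unexpected.Count -gt 0) {
    Write-Warning ("{0} member(s) of Administrators are not on the allow-list." -f $unexpected.Count)
}

# Check whether the account running this script is itself a direct member,
# i.e. whether day-to-day work is being done from an admin account.
# Membership through nested groups is not resolved here.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
$memberSids = $members | ForEach-Object { $_.SID.Value }
if ($memberSids -contains $me.User.Value) {
    Write-Warning "$($me.Name) is a direct member of Administrators; use a standard account for daily work."
} else {
    Write-Output "$($me.Name) is not a direct member of Administrators."
}
```

Get-LocalGroupMember ships with Windows PowerShell 5.1 and later. Run the script on each endpoint, or through your management tooling, and review any account it flags.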

Once the payload is executed, the system’s master boot record (MBR) is overwritten by a custom boot loader, which loads a malicious kernel containing code that starts the encryption process.