Petya

This malware spreads primarily through phishing emails containing infected attachments or through vulnerabilities in outdated operating systems, such as the infamous EternalBlue on Windows systems. After infecting a computer, Petya restarts the system, encrypts the MBR, and shows a ransom note demanding payment in cryptocurrencies to restore the machine to normal use.

• Encrypts the MBR, not only files.
• Renders the system unusable.
• Masquerades as a Windows update.
• Uses network propagation mechanisms.

Although similar to Petya, NotPetya is even more destructive. This malware spread rapidly in 2017 through a compromised update of the M.E.Doc Ukrainian software. Rather than financial gain, NotPetya was designed mainly for data destruction, which made it a wiper rather than ransomware.

Symptoms include: unexpected reboots, inability to access the operating system, ransom notes with messages in red demanding payment in Bitcoin. It is very important that you do not pay the ransom. Many variants such as NotPetya do not enable data recovery even if payment is made.

Your best defense is an advanced cybersecurity solution such as the Panda Dome product line, combined with good digital practices:

• Keep your operating system and software always up to date.
• Do not open attachments or links from unknown senders.
• Use secure passwords and a password manager such as Panda Dome Passwords.
• Back up your files regularly.
• Protect your connection with Panda Dome VPN.

1. Disconnect your device from the network or Internet to prevent the malware from spreading further.

2. Do not pay the ransom. It does not guarantee data recovery.

3. Use a safe boot disk to try to regain control of the system.

4. Contact Panda Security Support.