Researcher cracks Petya ransomware encryption

Ransomware – a form of malware that encrypts users’ computer files until they pay a bitcoin fee for a decryption key – has been in the news a lot this year as strains including Locky, Maktub, Samas/Samsam/MSIL.B/C and Petya have spread like wildfire via phishing emails and cyber attacks on poorly secured servers.

Only yesterday I blogged about a new ransomware campaign spread by phishing emails that feature recipients’ home addresses. And, as I’ve discussed in the weekly IT Governance podcast, several US hospitals have fallen victim to ransomware attacks in recent weeks: Hollywood Presbyterian Medical Center in Los Angeles, Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley Hospital in California, and MedStar Health – the operator of ten hospitals and 250 outpatient clinics in Maryland and Washington, DC – were all hit. Some even paid the ransom.

Petya ransomware

Last month, Trend Micro reported that Petya was encrypting hard drives rather than files, having been spread via phishing emails that purport to link to job applicants’ CVs stored on Dropbox.

Now, however, there’s some good news: Twitter user @leo_and_stone has created a tool that enables victims of Petya to access their files without having to cough up. Computer forensics expert Lawrence Abrams has put together a guide to using the tool to unlock a Petya-encrypted computer in seven seconds.

If your systems have been stricken by Petya, visit https://petya-pay-no-ransom-mirror1.herokuapp.com/ to unlock your computer.

Ransomware phishing

Not all ransomware is as easy to reverse-engineer, though, and new strains are emerging weekly. The ransomware threat is increasing dramatically, and businesses need to be proactive to protect themselves.

Whatever your line of business, the threat of ransomware infection spread by phishing emails is one that you need to take seriously: if one of your employees mistakenly opens a phishing email and installs ransomware on your systems, your entire corporate network could be put at risk.

This is why it is so important to ensure that your staff understand the threat that phishing poses and can recognise phishing emails.

IT Governance’s Phishing Staff Awareness Course educates staff on the risks of spoof emails, helping your team understand how phishing works, what tactics cyber criminals employ, and how to spot and avoid phishing campaigns.

Combine this with our Simulated Phishing Attack, which enables you to identify potential vulnerabilities among your employees and provides recommendations to improve your security.
