petya/PetrWrap Ransomware uncovered
A new ruthless malware has plagued across the world overnight named PetrWrap a variant of the Petya virus. The virus is similar to WannaCry in the way it attacks the Windows Server Message Block (SMB) service, which is used to share files across local networks. This variant also tries to hack the admin password so it can spread itself across the network utilising the windows remote admin tools.
PetrWrap hit Europe with an assault on Tuesday targeting high-profile businesses rendering their devices useless. Webroot released a statement saying, "Once the machine is infected, the computer will immediately restart to what looks like a ‘chkdsk,’ (check disk) but isn’t“ Below is an image of what the check disk looks like.
Once the fake check disk has completed infecting your computer, it will reboot and give you the following message
How Can Evolve IT Help?
Evolve IT has been working with its security partners Webroot and Sophos to ensure that our clients were protected from the virus. Both of our partners have since released statements saying that the variant is now blocked.
One of the great things about these two anti-virus products is that they update in real time. If a new virus is identified on the other side of the world in most cases, the security companies will release a virus update promptly to ensure other devices are not infected with the same virus.
If you do not have an anti-virus on your home or business PC, I would strongly recommend downloading a free trial of one of these products to ensure you are protected.
A good anti-virus will only get you part of the way and end user security awareness is also required. Being a similar virus to WannaCry have a look at our WannaCry blog post to ensure you have all the knowledge required to protect yourself from PetrWrap.