Petya made headlines after infecting tens of thousands of computers around the world. Worse, the Petya 2017/NotPetya variant behind this attack is not ordinary ransomware like the original variant (Petya 2016). Rather than ransomware that focuses on money, this latest Petya is a wiper whose ultimate goal is destruction. (Read: Petya is Wiper, not Ransomware so what’s the difference?)
But as with malware in general, there are things you can do to protect your computer from a Petya infection. Here is how to prevent Petya from infecting a Windows 10/8.1/7 PC and lower your computer’s risk of getting infected.
- Make sure your Windows is up to date with the latest security patches. Because one of the ways Petya spreads is through the same vulnerability that WannaCry exploited, make sure the MS17-010 patch is already installed on your Windows.
- If it is not in use, turn off the SMBv1 feature to prevent the malware from spreading.
- Do not carelessly open or run file attachments sent by an unknown party.
- Back up important data regularly, either locally or online through the cloud.
- If you are the administrator of office computers or public computers, do not grant admin access to users. Give users only accounts without local administrator privileges.
- Show file extensions in File Explorer, so you are not easily fooled by fake attachments.
What if you are affected by Petya?
When infected with Petya, the computer will display a message like:
DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOUR DATA! PLEASE ENSURE THAT YOUR POWER CABLE IS PLUGGED IN!
A fake scandisk display will appear. This is the moment when Petya is trying to destroy your data. If you get the message, immediately turn off the computer to stop the process. If the computer is powered off and the Master File Table has not yet been encrypted, your data can still be saved.
Also disconnect the LAN and WiFi network connections to prevent the infection from spreading. You can also disable macros in Microsoft Office and enable the firewall to block ports 139, 445 and 3389 temporarily, until data backup and patch updates on the other computers are complete.
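The SMBv1 and firewall steps above can be scripted for the computers that are not yet infected. The following PowerShell is an added example, not part of the original article; the rule name is a constructed label, and `netsh advfirewall` is used so the same script works on Windows 7, 8.1 and 10.

```powershell
# Added example: run from an elevated prompt on a host that is not yet infected.
# $RuleName is a constructed label; the ports are the ones named in the article.
$RuleName = 'TEMP-Petya-Block-Inbound'
$Ports    = '139,445,3389'

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    (New-Object Security.Principal.WindowsPrincipal $id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Disable-Smb1Server {
    if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8.1 / 10: applies immediately to the SMB server component
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        return -not (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Windows 7 has no SMB cmdlets: set the registry value (effective after restart)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    return (Get-ItemProperty -Path $key -Name SMB1).SMB1 -eq 0
}

function Add-TemporaryBlockRule {
    # Turn the firewall on for all profiles, then add one inbound block rule
    netsh advfirewall set allprofiles state on | Out-Null
    netsh advfirewall firewall delete rule name=$RuleName | Out-Null  # avoid duplicates
    netsh advfirewall firewall add rule name=$RuleName dir=in action=block `
        protocol=TCP localport=$Ports | Out-Null
    return $LASTEXITCODE -eq 0
}

function Remove-TemporaryBlockRule {
    netsh advfirewall firewall delete rule name=$RuleName | Out-Null
    return $LASTEXITCODE -eq 0
}

if (-not (Test-IsAdmin)) { throw 'Run this from an elevated PowerShell prompt.' }
"SMBv1 server disabled : $(Disable-Smb1Server)"
"Block rule installed  : $(Add-TemporaryBlockRule)"
# After backups and patching are complete, lift the block with: Remove-TemporaryBlockRule
```

Blocking port 3389 cuts off Remote Desktop, so run this at the console rather than over an RDP session. A block rule in Windows Firewall takes precedence over existing allow rules for the same ports, which is why a single rule is enough.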
And if you are too late and all of your data is already corrupted, never pay the ransom. This is because this Petya variant is a wiper, not ransomware. Data that has been corrupted cannot be repaired even if you have paid the ransom.