You don’t need us to tell you how terrible ransomware can be. You’re likely already nervous about it entering your organization’s infrastructure, or it already has. Ransomware continues to threaten high-profile targets, many of which rely heavily on access to mission-critical files and other records stored on their infrastructure, such as hospitals and large enterprises. As a CIO, it’s your responsibility to stay up to date on the latest threats, as well as how to fix them.
That’s the problem with most ransomware, though; there isn’t really a fix – not a real one, anyway. The encryption used on the files is often military-grade or of a similar quality, making it nearly impossible to crack under normal circumstances. In most cases, users either have to pay a ransom for the safe return of their files, or restore a backup copy of their data from before the infection took place. Under the duress and crippling fear of losing access to files for good, organizations often have no choice but to pay up and accept the terms provided by the hackers responsible for the infection.
In fact, even the FBI recognizes the value of paying hackers for the safe return of a user’s files. Generally speaking, the FBI suggests contacting them in the event of a ransomware infection, but they won’t directly advise how to resolve the problem. They will provide a set of options that your business has, but more often than not, the easiest way to get your files back is to just pay the hackers. “The ransomware is that good,” Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program told Boston’s Cyber Security Summit in October. “To be honest, we often advise people just to pay the ransom.”
However, this simply isn’t the case with a new type of ransomware called Petya, for which a fix does exist. Here’s what Petya does, and what you can do to decrypt your files.
What Petya Does
Petya is typically distributed via email phishing campaigns that contain Dropbox links to files that will install the ransomware. Once the installer has been run, Petya causes the computer to reboot and then encrypts the files stored on it. Petya is unique in that it targets low-level structures of the hard drive: the Master Boot Record (MBR) and the Master File Table (MFT). Overwriting the MBR lets the malware take control before Windows even starts, and encrypting the MFT means the computer essentially forgets which files are stored on it, including the operating system. Users are then shown instructions on how to pay the ransom.
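Because Petya overwrites the boot record, one defensive check is to keep a known-good copy of a machine’s MBR and compare the live one against it. The following Python script is an added example (not code from the original post or from leostone’s decryptor): it parses a 512-byte MBR image, hashes the boot code, reads the partition table, and reports deviations from a baseline. Both MBR images are constructed inline; on a real system you would read the first 512 bytes of the physical disk instead.

```python
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR


def parse_mbr(mbr: bytes) -> dict:
    """Parse the classic MBR: 446 bytes boot code, 4 x 16-byte partition entries, 2-byte signature."""
    if len(mbr) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack("<II", entry[8:16])
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(mbr[:446]).hexdigest(),
        "partitions": partitions,
        "signature_ok": mbr[510:512] == BOOT_SIGNATURE,
    }


def compare_to_baseline(current: bytes, baseline: bytes) -> list:
    """Return findings where the current MBR deviates from a known-good baseline image."""
    cur, base = parse_mbr(current), parse_mbr(baseline)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample MBR: one bootable NTFS (0x07) partition at LBA 2048, 1,000,000 sectors."""
    code = boot_code.ljust(446, b"\x00")[:446]
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


BASELINE_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")      # constructed "known good" image
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c\x90CONSTRUCTED")   # constructed: boot code replaced

if __name__ == "__main__":
    print(compare_to_baseline(BASELINE_MBR, BASELINE_MBR))  # []
    print(compare_to_baseline(TAMPERED_MBR, BASELINE_MBR))  # ['boot code differs from baseline']
```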
How to Fix It
Thankfully, the Petya ransomware has been cracked, thanks to an enigmatic individual called leostone. Leostone created an algorithm that can recover the key needed to decrypt the files on a computer infected with Petya. There are some prerequisites for pulling off this trick, like having a secondary computer to attach the infected hard drive to, but it’s nothing that a seasoned IT professional can’t handle. You can find detailed instructions on how to decrypt your files in this BleepingComputer blog post.
Even though there’s a fix for Petya, most ransomware isn’t as convenient to deal with. As mentioned above, there are only two solutions to the problem of ransomware: either pay up, or restore a backup. There’s also the moral implication of paying for the removal of ransomware. By paying up, you’re essentially funding the hackers’ attacks on other businesses.
In most cases, it’s far more efficient to prevent a ransomware infection from happening in the first place. That way, you don’t have to deal with the frustration of downtime or the humiliation of paying hackers for your own files. Be sure to follow these security best practices to prevent future ransomware attacks:
- Educate your staff on best practices: The best way to keep your team from downloading malicious content is by educating them on what to look for. Teach them how to identify potential threats, and how to avoid them.
- Ensure your infrastructure is using enterprise-level security solutions: Having a spam-blocking solution, as well as antivirus and firewall protection, can help to keep not just ransomware, but other threats out of your system as well.
- Keep your systems up to date: Malware often uses security flaws in software or operating systems to infiltrate and infect your network. Be sure to keep all of your technology solutions up to date with the latest patches and security updates, including your antivirus program’s threat dictionary.
- Always keep a backup handy: You should always be taking backups of your organization’s data and storing them in multiple locations. At least one of them should be stored offline, where ransomware and other threats can’t reach them.