Petya - malicious code

The best way to respond if a computer has been hacked is to disconnect it from the internet, wipe the entire hard drive and restore the data from a backup.

A series of business organizations around the world, including big companies such as WPP, food company Mondelez, law firm DLA Piper and Danish transport company Maersk, have had their data locked and held for ransom by the Petya ransomware, Olivia Solon, technology correspondent of The Guardian, UK, wrote in the latest issue.

Like WannaCry, Petya spreads across computers running Microsoft Windows. So what is this malicious code, and if a computer is infected, what emergency steps should its user take?

Transport company Maersk was hit by the cyberattack. (Photo: EPA).

What is Ransomware?

Ransomware is a type of malware capable of blocking users from accessing their computers or data. The victim must pay a ransom to get the information back.

How does the Petya ransomware work?

Petya gets onto a computer through malicious links distributed online, usually via email and links on untrusted websites. The victim must pay $300 (in Bitcoin) to get the data back from the hacker.

After getting in, the malicious code uses EternalBlue, a security vulnerability in Microsoft Windows, to attack the computer. Although Microsoft has released patches to prevent this attack, not many users knew about them and installed them.

'Petya's system has a better mechanism to invade and spread than WannaCry,' said Ryan Kalember, a network security expert with Proofpoint, USA.

Where does the attack start?

According to the Ukrainian cyber police, the virus appears to have been implanted into the update mechanism of an accounting program that companies working with the government use. This explains why so many Ukrainian organizations are affected.

A number of government agencies, banks and state organizations, as well as Kiev's airport and metro system, were brought down by the attack.

Even the radiation monitoring system at Chernobyl was taken offline, and staff there were forced to use handheld devices to measure radiation levels in the area of the former nuclear plant.

If an attack is detected, what can users do?

The sign that Petya is encrypting data is that the computer suddenly demands a restart and a notice appears, as shown below.

HackerFantastic shares how to respond when attacked. (Photo: HackerFantastic).

At this point, the user must unplug the computer from the power, keep it turned off and absolutely not turn it back on in order to protect the data, @HackerFantastic said on Twitter.

If the computer has already restarted and a ransom note appears on the screen, the user should absolutely not pay as the hacker instructs. The attacker's email address has been shut down, so even if the ransom is paid, the victim cannot get the "unlock code" for the computer.

The best way to respond if a computer has been hacked is to disconnect it from the internet, wipe the entire hard drive and restore the data from a backup.

In addition, to guard against a recurrence, owners should back up their data and update their anti-virus software regularly.