Petya virus (Petya.A): how to protect yourself and how to remove it

The attack of the Petya virus was an unpleasant surprise for residents of many countries. Thousands of computers were infected, as a result of which users lost important data stored on their hard drives.

Of course, the hype around this incident has now subsided, but no one can guarantee that it will not happen again. That is why it is very important to protect your computer from a possible threat and not to take needless risks. How to do this most effectively is discussed below.

Consequences of the attack

To begin with, we should recall the consequences of the short activity of Petya.A. In just a few hours, dozens of Ukrainian and Russian companies suffered. In Ukraine, by the way, the work of the computer departments of such institutions as Dneprenergo, Novaya Poshta and Kiev Metro was almost completely paralyzed. Moreover, some state organizations, banks and mobile operators did not escape the Petya virus either.

In the countries of the European Union, the encryptor also managed to cause a lot of trouble. French, Danish, English and international companies reported temporary malfunctions associated with the attack of the computer virus "Petya".

As you can see, the threat is really serious. And even though the attackers chose large financial organizations as their victims, ordinary users suffered no less.

How does Petya work?

To understand how to protect yourself from the Petya virus, you first need to understand how it works. Once on the computer, the malware downloads a special ransomware component from the Internet that infects the Master Boot Record. This is a separate area on the hard disk, hidden from the user's eyes and intended to load the operating system.

For the user, this process looks like the standard operation of Check Disk after a sudden system crash. The computer reboots abruptly, and a message appears on the screen saying that the hard disk is being checked for errors and asking you not to turn off the power.

As soon as this process comes to an end, a splash screen appears with information about the computer being locked. The creators of the Petya virus demand a ransom of $300 (more than 17.5 thousand rubles) from the user, promising in return to send the key needed to get the PC working again.

Prevention

It is logical that it is much easier to prevent infection by the computer virus "Petya" than to deal with its consequences afterwards. To secure your PC:

  • Always install the latest updates for your operating system. The same, in principle, applies to all the software installed on your PC. By the way, Petya cannot harm computers running macOS and Linux.
  • Use a current version of your antivirus and do not forget to update its databases. Yes, the advice is banal, but not everyone follows it.
  • Do not open suspicious files sent to you by e-mail. In addition, always check applications downloaded from dubious sources.
  • Back up important documents and files regularly. It’s best to store them on a separate medium or in the cloud (Google Drive, Yandex.Disk, etc.). Thanks to this, even if something happens to your computer, valuable information will not be affected.

These simple recommendations will protect your computer not only from Petya, but also from other malicious programs.

Create a stop file

Developers of leading antivirus programs have figured out how to remove the Petya virus. More precisely, thanks to their research, they were able to understand that the encryptor, at the initial stages of infection, tries to find a particular local file on the computer. If it finds that file, the virus stops its work and does not harm the PC.

Simply put, you can manually create a kind of stop file and thus protect your computer. To do this:

  • Open the folder settings and uncheck the option "Hide extensions for registered file types."
  • Using Notepad, create a new file and place it in the C:\Windows directory.
  • Rename the created document, naming it "perfc". Then go to the file properties and enable the "Read only" option.

Now the virus "Petya", once on your computer, will not be able to harm it. But keep in mind that attackers can modify the malicious program in the future, and the method of creating a stop file will then become ineffective.
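The three manual steps above as one script, added here as an example and not taken from the original article: it creates the stop file named in the text, marks it read-only, and confirms that the name carries no extension (the reason the steps begin by unhiding extensions). The function name Set-StopFile and the returned field names are hypothetical.

```powershell
# Added example: create and verify the stop file described in the article.
# Safe to run repeatedly; an existing file is kept and only re-checked.
param(
    [string]$Directory = 'C:\Windows',   # directory given in the article
    [string]$FileName  = 'perfc'         # file name given in the article
)

function Set-StopFile {
    param([string]$Directory, [string]$FileName)

    $path = Join-Path -Path $Directory -ChildPath $FileName

    # Writing into the Windows directory needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this script from an elevated PowerShell session.'
    }

    # A directory with the same name would block creation of the file.
    if (Test-Path -LiteralPath $path -PathType Container) {
        throw "$path exists but is a directory, not a file."
    }

    # Create an empty file only if it is not already there.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        New-Item -ItemType File -Path $path | Out-Null
    }

    # Equivalent of ticking "Read only" in the file properties.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true

    # Re-read the file from disk and report what is actually there.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        Path        = $item.FullName
        ReadOnly    = $item.IsReadOnly
        NoExtension = ($item.Extension -eq '')  # e.g. not "perfc.txt"
    }
}

Set-StopFile -Directory $Directory -FileName $FileName
```

Both ReadOnly and NoExtension should come back True; a False in NoExtension means the file was saved with an extension and does not match the name given in the steps.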

If infection has already occurred

When the computer reboots on its own and Check Disk starts up, the virus is just starting to encrypt files. In this case, you can still manage to save your data by following these steps:

  • Turn off the power to the PC immediately. Only in this way can you prevent the spread of the virus.
  • Next, you need to connect your hard drive to another PC (but not as the boot disk!) and copy the important information from it.
  • After that, it is necessary to completely format the infected hard drive. Naturally, then you will have to reinstall the operating system and other software on it.

In addition, you can try to use a special boot disk to cure the Petya virus. Kaspersky Anti-Virus, for example, provides the Kaspersky Rescue Disk program for this purpose, which works without loading the installed operating system.

Is it worth paying the ransom?

As mentioned earlier, the creators of "Petya" demand a ransom of $300 from users whose computers were infected. According to the extortionists, after the specified amount is paid the victims will be sent a key that removes the lock on their information.

The problem is that a user who wants to return his computer to a normal state needs to write to the attackers by e-mail. However, all of the extortionists' e-mail addresses are quickly blocked by the responsible services, so it is simply impossible to contact them.

Moreover, many leading anti-virus software developers are sure that it is completely impossible to unlock a computer that has been infected with Petya using any code.

As you have probably understood, paying the ransom is not worth it. Otherwise, you will not only be left with a non-working PC, but also lose a large amount of money.

Will there be new attacks?

The Petya virus was first detected in March 2016. At that time, security experts quickly noticed the threat and did not allow its mass distribution. But at the end of June 2017 the attack was repeated, which led to very serious consequences.

It is unlikely that this will be the end of it. Attacks using ransomware viruses are not uncommon, so it is very important to keep your computer protected at all times. The problem is that no one can predict what form the next infection will take. In any case, it is always worth following the simple recommendations given in this article in order to reduce the risks to a minimum.

Source: https://habr.com/ru/post/C32292/

