![](https://i0.wp.com/techtrendske.co.ke/wp-content/uploads/2017/06/Petya-Ransomware.png?fit=714%2C400&ssl=1)
Many organizations in Europe and the US were crippled last week by yet another ransomware attack, known as "Petya". This is the second major global ransomware attack in just two months, after WannaCry.
Petya is a new variant of the Petya ransomware family and was first discovered in 2016. It encrypts the MFT (Master File Table) and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer. This new variant is particularly virulent because it uses multiple techniques to spread automatically within a company's network once the first computer is infected.
The Petya cyberattack has now struck computers in at least 65 countries and is spreading at an alarming speed in other countries. Petya is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017.
Unlike WannaCry, Petya attempts to spread internally by breaking admin passwords and infecting other PCs on the network using remote admin tools. It can also spread internally by infecting network shares on other computers.
According to an article published on TechCrunch, analysts think the Petya "ransomware" was built for targeted destruction, not profit. "The malicious software's code and other evidence indicate that the profit motive may have been a camouflage for an act of cyber-espionage targeting Ukraine," the article said.
Ransomware is one of the most widespread and damaging threats that internet users face. Since the infamous CryptoLocker first appeared in 2013, "We've seen a new era of file-encrypting ransomware variants delivered through spam messages and Exploit Kits, extorting money from home users and businesses alike", says Harish Chib, Vice President Middle East and Africa, Sophos.
According to Chib, Sophos Endpoint Protection products are protected against this new ransomware variant so their customers have nothing to worry about. He notes that Sophos Intercept X customers were proactively protected with no data encrypted, from the moment this new ransomware variant appeared.
To avoid such attacks, Sophos is urging users to ensure systems have the latest patches, including the one in the Microsoft MS17-010 bulletin. Users should also consider blocking the Microsoft PsExec tool from running on users' computers using Sophos Endpoint Protection. They should also back up regularly, keep a recent backup copy off-site, and avoid opening attachments in emails from senders they don't know.