A new ransomware attack has started spreading recently (see my previous post for a description of ransomware and tips to protect yourself). This new software known as Petya or GoldenEye is similar to the WannaCry ransomware that hit about a month ago but security researchers say this one appears to be more sophisticated. Most importantly it does not have the “kill switch” that was used to stop WannaCry.
Petya spreads in multiple ways. It uses the same EternalBlue vulnerability used by WannaCry but it also appears to be spread through Microsoft Word documents with malicious macros embedded.
If you haven’t already patched your systems you need to now. Microsoft has made patches available for Windows XP so even if you have an old system you should be able to get patches.
Lastly, never open any email attachments from suspicious emails; emails from people you don’t know, emails that don’t match what people you know normally send you, or emails you aren’t expecting. For attachments that you believe are legitimate I suggest saving the attachment to local file and scanning it with your anti-virus software before opening.
Here’s how to do that:
- In your email client or web browser select the email message with the attachment
- Right click on the attachment and select Save As from the context menu that opens
- Save the file where ever you like
- Open Windows Explorer and navigate to the file you saved
- Right clock on the file and select Scan from the context menu that opens