Looking back over the past few weeks I realize I’ve fallen down on my job of terrifying you with news of the latest technology boogeyman. There’s a new ransomware in town and this one gets down to business in a hurry. Dubbed Petya by security company F-Secure, this vicious piece of malware works in a similar fashion to its brethren by encrypting data and holding it for ransom, with a twist: instead of encrypting just your documents, it will “kidnap” the entire disk by encrypting the master file table, and it can do so very quickly because the MFT is just the “index” of all the files on your drive. If you were to think of your drive as a book, this is the equivalent of putting a lock on the cover and holding the key for ransom.
What this means for you:
At minimum, any virus infection is going to result in a bad day even if you have a full backup of your important data. Before your data can be restored, you need to be certain the malware hasn’t spread to other machines and is waiting to pounce the moment you get the data restored. With previous versions of ransomware, the attack would leave affected machines more or less operational as the malware only encrypted documents and usually left applications and the operating system intact. Not so with Petya which locks out the entire disk. If this malware were to attack a server, it could paralyze an entire company within seconds. If you though recovering and cleaning up a workstation took a long time, double or triple the time needed to bring a server back online, and that’s only if you had full-disk backups and not just files. A malware attack is inevitable – no amount of money, time or paranoia can provide 100% protection. Your only hope for a recovery is proper data backups managed by an experienced professional. Are you ready to test your backup plan?
Image courtesy of Zdiviv at FreeDigitalPhotos.net