SortaPeyta ransomware explained and we have a solution

The new cyber threat

A new global cyber-attack has hit with a similar reach to the previous WannaCry ransomware attack that infected more than 300,000 computers around the world last month.

In the first hours of the attack, researchers believed that this new ransomware was a new version of an older threat called Petya, but they later discovered that this was a new strain altogether, which borrowed some code from Petya, hence the reason why they recently started it calling it NotPetya, Petna, or as we like to call it SortaPetya.

 

Why this Ransomware is difficult to stop

When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all their files. We would advise never to pay the ransom.

Unfortunately, unlike WannaCry, there is no kill switch. However, researchers have found a vaccine which prevents the ransomware virus from running. SortaPetya searches for a local file and exits its encryption routine if that file already exists on the disk, so users can create a file on their computers, set it as read only which blocks the NotPetya ransomware from executing.

How to protect your organisation

For extra security, Radius Technologies would advise the following:

1. Vaccinate your Windows device NOW – see instructions below
2. Bring all Microsoft vunerability patches fully up to date on your machines
3. Send an email (or forward this email) to every user in your organisation to let them know NOT to click ANY links within an email or open an email with encrypted content until first cleared by yourselves. For information on services such as BlockMail, please contact the radius sales team.
4. Ensure that you have Blended Threats in place and fully active across your organisations mail boxes. Again, contact Radius for more information on this.
5. Discuss with the Radius tech team about putting a rule in place to block encrypted attachments.

 

NB: Below is a way to ‘vaccinate’ your Windows based PCs/Laptops and other devices – simply follow the instructions for your browser of choice and you can vaccinate against this current threat in a matter of less than a minute.

Instructions for running the Petya patch for Google Chrome (Sections below refer to Internet Explorer, Edge and Mozilla Firefox

1)      Copy and paste the following link into your browser to download the batch file https://download.bleepingcomputer.com/bats/nopetyavac.bat

2)      In the bottom left you will see the notice below..  Click Keep

 

 

3)      You will now see the file in the bottom left corner click the arrow to the right of the file then click show in folder

 

 

 

 

 

4)      You will now see the file in your downloads folder, right click the nopetyavac.bat and then left click run as administrator

 

 

 

 

 

 

 

 

5)      A windows User account control will pop up click Yes to allow

6)      The following window should appear to confirm that the patch was successful.  Please make sure it says Computer Vaccinated for Current version of Notpetya/Petya/Petna/SortaPetya

 

 

 

 

 

 

For Internet Explorer and edge browser

1)      Copy and paste the following link into your browser to download the batch file https://download.bleepingcomputer.com/bats/nopetyavac.bat

2)      At the bottom of the window you will see a windows run banner, click save.

 

 

 

3)      Next Click on Open Folder

 

 

 

 

4)      You will now see the file in your downloads folder, right click the nopetyavac.bat and then left click run as administrator

 

 

 

 

 

 

 

 

5)      A windows User account control will pop up click Yes to allow

6)      The following window should appear to confirm that the patch was successful.  Please make sure it says Computer Vaccinated for Current version of Notpetya/Petya/Petna/SortaPetya

 

 

 

 

 

For Mozilla Firefox

1)      Copy and paste the following link into your browser to download the batch file https://download.bleepingcomputer.com/bats/nopetyavac.bat

2)      Click Save File

 

 

 

 

 

 

3)      In the top right you will see the Mozilla download arrow, click the then click the tiny open folder icon to the right of the nopetyavac.bat file

 

 

 

 

 

4)      You will now see the file in your downloads folder, right click the nopetyavac.bat and then left click run as administrator

 

 

 

 

 

 

 

 

5)      A windows User account control will pop up click Yes to allow

6)      The following window should appear to confirm that the patch was successful.  Please make sure it says Computer Vaccinated for Current version of Notpetya/Petya/Petna/SortaPetya