After Petya ransomware paralyzed connected systems worldwide, the Nigerian Communications Commission (NCC) has released a guide to ward off the menace in Nigeria.
Although the country is yet to report any case of the Petya ransomware attack, the NCC is saying individuals and organisations should take necessary precautions because the spread of Petya indicates many may still be vulnerable.
The telecoms regulator says the new ransomware that it likened to WannaCry is spreading around the globe speedily, and stressed Petya “…has a better mechanism for spreading itself than WannaCry”.
“The malicious software spreads rapidly across an organization once a computer is infected using the Eternal Blue vulnerability in Microsoft Windows. Like WannaCry, Petya ransomware takes over the computers and demands $300 paid in Bitcoin,” said NCC.
NCC listed three mechanisms by which Petya spreads to additional hosts:
- Petya scans the local system 24/7 to discover and enumerate ADMIN$ shares on other systems, then copies itself to those hosts and executes the malware using PSEXEC. This is only possible if the infected user has the rights to write files and execute them on the system hosting the share.
- Petya uses the Windows Management Instrumentation Command-line (WMIC) tool to connect to hosts on the local subnet and attempts to execute itself remotely on those hosts. It can use Mimikatz to extract credentials from the infected system and use them to execute itself on the targeted host.
- Petya finally attempts to use the ETERNALBLUE exploit tool against hosts on the local subnet. This will only be successful if the targeted host does not have the MS17-010 patches deployed.
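For defenders, the first two mechanisms leave traces in Windows event logs. The sketch below is an added example, not part of the NCC guide: it flags a host that reaches several others through ADMIN$ access or remote WMIC process creation. The event records are constructed and use simplified, hypothetical field names; it assumes Security events 4688 (with command-line logging enabled) and 5140, and System event 7045, are collected centrally.

```python
import re
from collections import defaultdict

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"event_id": 5140, "host": "ws-02", "src": "ws-01", "share": "\\\\*\\ADMIN$"},
    {"event_id": 7045, "host": "ws-02", "service": "PSEXESVC"},
    {"event_id": 4688, "host": "ws-01", "image": "wmic.exe",
     "cmdline": 'wmic /node:"ws-03" process call create "cmd.exe /c example"'},
    {"event_id": 5140, "host": "fs-01", "src": "ws-07", "share": "\\\\*\\IPC$"},
    {"event_id": 4688, "host": "ws-05", "image": "wmic.exe",
     "cmdline": "wmic os get caption"},
    {"event_id": 5140, "host": "fs-01", "src": "adm-01", "share": "\\\\*\\ADMIN$"},
]

# wmic pointed at another machine (/node:) and asked to start a process there.
WMIC_REMOTE = re.compile(r'/node:"?([^"\s]+)"?.*process\s+call\s+create', re.I)

def classify(ev):
    """Return (mechanism, source, target) for a suspicious event, else None."""
    eid = ev["event_id"]
    if eid == 5140 and ev.get("share", "").upper().endswith("ADMIN$"):
        return ("admin_share_access", ev["src"], ev["host"])
    if eid == 7045 and ev.get("service", "").upper() == "PSEXESVC":
        # PsExec's default service name; the event does not name the source.
        return ("psexec_service", ev.get("src"), ev["host"])
    if eid == 4688 and ev.get("image", "").lower() == "wmic.exe":
        m = WMIC_REMOTE.search(ev.get("cmdline", ""))
        if m:
            return ("wmic_remote_exec", ev["host"], m.group(1))
    return None

def fan_out(events, min_targets=2):
    """Map each source that touched >= min_targets hosts to its mechanisms."""
    targets, mechanisms = defaultdict(set), defaultdict(set)
    for ev in events:
        hit = classify(ev)
        if hit and hit[1]:  # skip hits whose source is unknown
            mech, src, dst = hit
            targets[src].add(dst)
            mechanisms[src].add(mech)
    return {s: sorted(mechanisms[s]) for s, t in targets.items()
            if len(t) >= min_targets}

if __name__ == "__main__":
    print(fan_out(EVENTS))
```

A single administrator touching one ADMIN$ share stays below the threshold; one workstation reaching several peers by more than one of these routes is the pattern worth investigating.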
“The general public is advised not to panic as demonstrated during the WannaCry attacks in May, 2017. Windows systems should be patched for this vulnerability by competent personnel,” NCC stated.
The Commission advised both individuals and organizations to note and observe the following to guard against the ransomware:
- Do not click on any suspicious or unknown links.
- Protect yourself when using public Wi-Fi.
- Do not visit unsafe and unreliable sites.
- Avoid clicking on links that lead to websites such as Facebook, Instagram, WhatsApp etc. Instead, it is much safer to visit the site directly through its URL.
- If you receive a message or email with an attachment, try to verify authenticity of the sender before opening.
- Do not open attachments from suspicious senders.
- Store all your documents in ‘my document folder’.
- Keep your files backed up regularly.