6 steps to survive the next NotPetya/FakeCry attack

Both NotPetya and FakeCry proved to be something different than they seemed to be at the first sight

Protect computer from the next FakeCry/NotPetya

Thousands of computer users were doomed by the massive ransomware outbreak at the end of June 2017[1]. The virus to blame was a ransomware known as NotPetya, which security experts first identified as Petya ransomware.

However, a little later on it turned out that this ransomware, unlike the rest of viruses that fall into the same category, didn't work as an extortion tool. It worked as a wiper that corrupts files for good, leaving victims no hope to restore their records in any way.

Around the same time, another virus emerged, which looked exactly like the infamous WannaCry. Only a close analysis of the virus revealed that it was a fake copy of it, later dubbed as FakeCry[2].

Considering the success of NotPetya, FakeCry ransomware attack went almost unnoticed. The virus even used the same distribution technique like its more successful rival did. An interesting fact is that FakeCry mainly attacked Ukraine[3].

FakeCry worked as a typical ransom-demanding virus. It generated an RSA-2048 key pair, encrypted files or disks, deleted Volume Shadow Copies from the system to prevent easy data recovery.

The infiltration technique

Both viruses were distributed the same technique – via compromised MEDoc updates that contained the ransomware. MEDoc is Ukraine’s most popular tax accounting software[4]. According to security researchers, the company’s computer networks were hacked, and one of the upcoming software updates was compromised. It was later pushed by MEDoc to company’s customers.

It is clear that such infiltration technique can turn even the most attentive computer users into ransomware victims. The question is, can such cyber attacks be blocked and if yes, how?

Protect your computer from the next FakeCry/NotPetya

Can we ever be prepared for the next FakeCry/NotPetya? The answer is negotiable. However, we believe that it is clearly possible to minimize the risk by following tips by cybersecurity experts. Surviving a ransomware attack requires some advanced preparation. Here is what you can do to prepare yourself for the next ransomware outbreak:

  1. Install an anti-malware software. It is the number one and the easiest method to instantly boost your computer’s protection with minimal effort. Do not forget to enable automatic updates for it so that you could have the latest and the most advanced version of the anti-malware to keep your PC protected from the most recent viruses and spyware.
  2. Create a data backup. It is another must-do if you’re trying to protect your computer and your data from destructive computer viruses. It costs nothing to create a backup, especially if you have a high-capacity USB, hard drive or another portable data storage device. Simply create copies of important files and export them to the device and unplug it from your computer then. Store it in a safe place.
  3. Continuously update programs that you have on your computer system. Ideally, enable automatic updates. Although this tip sounds ridiculous after hearing about the FakeCry attack vector, remember that there are more viruses that target outdated software and operating system flaws, besides, an up-to-date anti-malware will block malicious updates to prevent the ransomware from crippling all of your files.
  4. If you use any remote desktop programs or if you allow someone to access your computer remotely, use extremely strong passwords for these accounts. You should never use “123456789,” “qwerty” or “[yourname]123” or other silly and easily brute-forced passwords. Hackers use special programs that can automatically find the correct password by attempting to enter thousands of different combinations. We suggest you use upper and lower letters, no less than eight symbols and include at least one uncommon symbol. This way, it would take years for the attackers to find the right combination.
  5. Be smart while browsing the Internet. Remember that scammers are perfect liars and they can do and write anything to convince you to open that malicious file. They might send them via email[5], pretending to be employees of reputable companies, they might convince you that you just got a subpoena or invoice, or that you need to confirm a payment that you have just received. Follow your common sense and think whether the email is legitimate. What is more, inspect sender’s address and if it looks suspicious, delete such email.
  6. Although this can be hard, you must learn how to identify scam pop-ups and alerts and how they differ from legitimate ones. A good example is “The “HoeflerText” wasn’t found” scam. Fraudsters hacked many legitimate websites and made them display a deceptive message saying that the victim has to install a font pack in order to see website’s content. If a such or similar message asking you to install something appears, better search the web about it and see if it is normal and legitimate. If you suspect something, better close the website and do not try to access it by force. This way, you could just put your computer at risk!
About the author
Linas Kiguolis
Linas Kiguolis - Expert in social media

Linas Kiguolis is one of News Editors and also the Social Media Manager of 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.

Contact Linas Kiguolis
About the company Esolutions