There’s no “off switch” to stop the ongoing ransomware attack that’s struck companies around the globe, including Merck which operates a huge vaccine factory in Durham. So what do you do if you or your company are attacked? How do you make sure you aren’t vulnerable? Europol, the European Union’s police agency, offers tips to follow.

“This is another serious ransomware attack with global impact, although the number of victims is not yet known,” says Europol Executive Director, Rob Wainwright.:

“There are clear similarities with the WannaCry attack, but also indications of a more sophisticated attack capability, intended to exploit a range of vulnerabilities. It is a demonstration of how cybercrime evolves at scale and, once again, a reminder to business of the importance of taking responsible cyber security measures.”

Here is insight offered by Europol about what’s happening – and what to do:

  • How does it work?

Despite existing since 2016, Petya ransomware differs from typical ransomware as it does not just encrypt files, it also overwrites the Master Boot Record (MBR)1. This renders the machine unusable and prevents users from recovering any information from it. Unlike the previous Wannacry incident, this attack does not include any type of “kill switch”.

  • What to do?

If you have been infected:

  1. Do not pay. You will not only be financing criminals, but it is unlikely that you will regain access to your files. This is particularly relevant in the case of Petya, as the email account used to manage ransom demands has been blocked, thus disabling attackers’ access to the only communication channel known at the moment.
  2. Report it to your local police. Make sure that you keep a copy of the phishing email received from the attackers and provide it to the police. This will help law enforcement with their investigation.
  3. Disconnect the infected device from the internet. If the infected device is part of a network, try to isolate it as soon as possible, in order to prevent the infection from spreading to other machines. You can then format the hard drive, reinstall the operating system and apps, run any available updates and, finally, restore the locked files from your back-up device.
  • If you have not been infected:
  1. Keep all apps and operating system up to date, making sure that you install all Microsoft patches as soon as they are made available. If the device offers the option of automatic updates, take it.
  2. Back-up your data. Even if you are affected by ransomware, you can easily retrieve your files. It is best to create two back-up copies: one to be stored in the cloud and one to store physically.
  3. Use robust security products to protect your system from all threats, including ransomware.
  4. Do not use high privileges accounts (accounts with administrator rights) for daily business.
  5. Do not click on attachments or links that accompany suspicious or unexpected emails, even if they seem to be coming from a trusted party such as such as a bank or an online store. Trust no one.

For more tips and for the latest available decryption keys, visit https://www.nomoreransom.org/