Based on Security Advisory from Microsoft, Ransomware Petya successfully spreads because it combines client-side attacks (CVE-2017-0199) and network-based threats (MS17-010).
When the computer is infected, the data will be automatically encrypted. The mode is slightly different from Ransomware Wannacry, where Petya will do the boot process by force or if not successful then make system crash so user forced to do boot process.
- Ensure that the system has been updated with the latest patches, including updates that are in the Microsoft MS17-010 bulletin.
- Consider blocking the Microsoft PsExec tool running on a computer on the network. The Microsoft PsExec tool is used as part of the Petya deployment technique.
- Regularly backup existing data and secure. There are many ways in which your data is lost in addition to ransomware; Fires, floods, thieves, laptops that crashed or even accidentally erased.
- Encrypt data that has been backed up and you do not have to worry if your backup system falls into the wrong hands.
- Avoid opening attachments in emails from senders you do not know, even if you work in the HR department or connect directly with clients and use many attachments in your work.