Home > Latest Tech > Petya NotPetya Ransomware Cyber Attack – Another Wannacry Attack, Precautions by F-Secure

Petya NotPetya Ransomware Cyber Attack – Another Wannacry Attack, Precautions by F-Secure

Working of Petya ransomware

The scars of Wannacry was not healed yet, a new ransomware attack has come to haunt the cyber world again. The name of this new ransomware is Petya. It has affected many countries like Poland, Germany, Ukraine, Russia etc.

If you are here to know about the Petya Ransomware attack, then this is the whole story. Here we are going to tell you all the aspects of this attack. i.e. social , economical & working of Petya Ransomware.

Ransom demand from Petya

The new Petya ransomware has affected a number of countries. The amount of money that they have demanded for freeing of data is $300 in bitcoins. The amount of wannacry & Petya ransomware are same.

Working of Petya ransomware
Working of Petya ransomware

Petya Ransomware Origin

This new malware attack was made on the basis of NSA eternal Blue Exploit, leaked by Show Brokers (A hackers Group name).

A few weeks before, Wannacry ransomware spread at a very fast pace & attack thousands of computers all over the world. There is no big time gap between these two attacks. The effects of this ransomware has been seen in Ukraine banks & nuclear plant.

The main victims of Petya Ransomware

Due to this the government computers in the bank went offline & their data is locked.

  • Ukrainian branch’s mining company Evraz.
  • The Chernobyl nuclear plant in Ukraine
  • Ukraine’s local metro and Kiev’s Boryspil Airport
  • Kyivstar, LifeCell, Ukrtelecom –  Ukraine telecom companies
  • Danish shipping company Maersk
  • Russian oil company Rosneft.

The Chernobyl nuclear plant in Ukraine which is main electricity supplier in the country has also been affected. Other places affected are Danish shipping company Maersk & Russian oil company Rosneft.

Countries affected by Petya Ransomware

The figures provided by Kaspersky are

 Name of the Country Attacks in %
 Ukraine  60%
 Russia  30%
 Other Countries (USA, Poland, Germany, UK, and France)  10%
 Total  100%

This ransomware is associated with a Bitcoin wallet & asking for $300 in bitcoins for releasing the files. Kaspersky & Symantec has precipitated the number of payments that were made by the associated bitcoin wallet. According to kaspersky & Symantec the number of payments are 7 & 9 respectively.

Working of Petya ransomware

Petya Ransomware is not like any traditional ransomware. It does not encrypt all file simply. First it reboot the computer & encrypt the Hard Disk complete Master File Table & destroys the MBR (Master Boot Record).

The MBR is replaced with another malicious code into the PC & there is no way to boot PC then. The file system which information like  file names, sizes, and location are locked on the physical disk.

In the beginning Kaspersky told that the ransomware is a variant of old Petya ransomware but later said the infection is based on the whole new infection & call it ‘NotPetya’.

 

  1. Avira & symantec has claimed that Petya is based on Eternal Blue exploit, same as WannaCry.
  2. Eternal Blue exploit attacks Windows SMB file sharing system & spreads fast between different systems.

After the infection your PC will show the message “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

Prevent your PC from Petya Ransomware Attack –  Precautions by F-Secure Security Firm

These suggestions are given by security firm F-Secure to secure your PC from infection.

 

Prevent your PC from Petya Ransomware Attack
Prevent your PC from Petya Ransomware Attack

If you find the information useful then please write comment for any suggestion or you have any doubt. Thank You.

Leave a Reply

Your email address will not be published. Required fields are marked *