What is Petya Ransomware ?
BY.MICKY VERMA
Another month and another ransomware cyber attack around the world. It seemed that the threat of WannaCry has dissipated and organizations across the world are finding themselves under obstruction from a new threat. However, a new wave of ransomware has stricked in the market affecting critical infrastructure and business systems around the world.
Petya ransomware is known to be the second major global ransomware attack, which has vigorously hit computer servers spanning Europe, the Middle East, and the United States. It is locking up computer data and crippling enterprise services in the corporate sector including banking institutions to airlines and hospitals. But most of the infections targeted Russia and Ukraine, where more than 80 companies were attacked initially along with the National Bank of Ukraine.
The significant difference between WannaCry and Petya is that WannaCry was likely organized into a small number of computers & then spread rapidly, whereas Petya ransomware seems to have been deployed onto a significant number of computers and spread via a local network.
How does the Petya ransomware work?
This ransomware attack takes over computers and demands for $300, paid in Bitcoin to regain access to the system. The malicious software spreads quickly across an organization once a computer is infected by using the Eternal Blue vulnerability in Microsoft Windows or through Windows administrative tools. The malware tries one option, and if it doesn’t work, it tries another one. Ryan Kalember of cyber security company Proofpoint said that it has a better mechanism for spreading itself than WannaCry.
Where did it start?
According to the Ukrainian cyber police, this attack has been broadcasted over a software update mechanism built in an accounting program and affected the companies, which are working with the Ukrainian government such as banks, state power utilities, airport & metro system. The radiation monitoring system at Chernobyl (the name of a city situated in northern Ukraine near the border with Belarus) was also taken offline and forcing employees to use hand-held counters to measure the levels at the former nuclear plant’s exclusion zone.The second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.
Who is behind the attack?
It is not clear, but some experts and Ukrainian politicians have suggested that it is someone who desires the malware to masquerade as ransomware, which is designed to cause destruction in Ukraine. Nicholas Weaver said that Petya was a malicious, deliberate & destructive attack or perhaps a test disguised as ransomware. Pseudonymous security researcher noted that the real Petya was a criminal enterprise for making money,” but that the new version is not designed to make money. But this is intended to spread fast and cause damage, with a reasonably deniable cover of ransomware.
To safeguard your organization with new threats in the market, it is essential to keep your security protection updated and eliminate any loopholes in the security. Avyaan’s cost-effective services of Annual Website Security Routine can help you in protecting your organization from the major security threats. We have a group of competent testers & developers with ample of experience working with various clients.
Petya is the latest ransomware that has hit the market creating trouble for thousands of computer and internet users. It blocks access to a computer system, encrypts its data and asks for money in order to unlock it.
Files with the following extensions are encrypted by Petya:
.doc.pptx .pst .pvi .py .pyc .rar .rtf .ai .asp .aspx .avhd .back .bak .djvu.vsdx .vsv .work .xls .xlsx .xvd .zip.vfd .vmc .vmdk .vmsd .vmx .sln .sql .tar .vbox .vbs .vcb .vdi .docx .dwg .eml .fdb .gz .h .nrg .ora .ost .ova .ovf .pdf . hdd .kdbx .mail .mdb .msg .c .cfg .conf .cpp .cs .ctl .dbf .disk .php .pmf .ppt.3ds .7z .accdb
No comments:
Post a Comment