Petya Ransomware Attack Is Globally Messing Up Users' Data
Petya is a new kind of ransomware noticed recently. This malicious virus takes a completely new approach to wrecking your system. Since most users are curious about what Petya ransomware is and how it attacks, we have collected the important information that one should know about this cyber virus.
As different types of ransomware attacks are happening nowadays, users must be aware of what ransomware is: a type of malicious code that restricts or blocks access to a user's data and threatens them until they pay a ransom. Petya is also a nasty type of ransomware, but it works quite differently from other malware. It is a member of the encrypting ransomware family and mainly targets Microsoft Windows-based systems. Unlike traditional ransomware, Petya does not encrypt the individual files on the system; instead, it reboots the victim's computer and encrypts the master file table (MFT) of the hard drive. It replaces the computer's MBR with its own malicious code and leaves the system in an inoperable state. It then displays the ransom note and blocks access to the computer by seizing the details of each file's name, size and location on the hard disk. After infecting the MBR and the NTFS table, it demands a payment in Bitcoin if the user wants to regain access to the system.
Petya Cyber Attack is Different from WannaCry!
Yes, Petya is another type of ransomware, but it is not the same as WannaCry. The differences between the two are discussed below:
- Its main spreading method is e-mail: messages from unknown addresses that contain malicious links.
- When the malicious code runs on the system, Petya, unlike WannaCry, encrypts the master file table of the hard disk instead of individual files.
- Another major difference is that it carries a fake Microsoft digital signature, copied from Sysinternals, to fool the antivirus software on the system.
- It is a new variant, which can also spread laterally through WMI.
- Some of the payloads bundle a Loki Bot variant (another type of data-stealing malware) with the ransomware. Loki Bot is a banking Trojan that extracts usernames and passwords from compromised systems.
How Does Petya Ransomware Execute & Spread?
The following describes how the Petya ransomware attack is executed and spread.
Delivery & Execution
As discussed above, the Petya virus is delivered to your computer via e-mails containing links to malicious files on Dropbox. The Dropbox folder holds two types of file: a self-extracting executable and the applicant's picture. Once downloaded, the "resume" extracts itself and begins its Trojan activities. This Trojan somehow manages to fool all kinds of antivirus software before the download and execution process starts.
The executable then overwrites the Master Boot Record with the ransomware's code and makes it point to the Petya code rather than the operating system, so the malicious Petya code executes when the system boots. It displays a screen that looks like CHKDSK. At this stage Petya encrypts the MFT and the whole hard disk is effectively wiped out, because without the MFT the system cannot locate any file.
How is it Spreading?
Like WannaCry, the Petya ransomware uses the SMBv1 EternalBlue exploit, which takes advantage of unpatched Windows systems. The Windows SMB exploit EternalBlue was leaked by a hacking group that claims to have stolen it, along with other Windows exploits, from the US intelligence agency NSA.
It mostly attacks unpatched Windows systems, or spreads via two Windows administrative tools. The malware first tries one option and, if that fails, tries the other without stopping. It therefore has a better mechanism for spreading itself than WannaCry.
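The lateral spread described above depends on SMBv1 being enabled on unpatched Windows hosts. As an added example, not part of the original article, this PowerShell audit (assumed to run in an elevated session on Windows 8/Server 2012 or later, where the SmbShare, DISM and NetSecurity modules exist; the function names Get-Smb1Exposure and Disable-Smb1 are our own) reports whether SMBv1 is still switched on and whether inbound TCP 445 is allowed, and provides a remediation function that disables SMBv1:

```powershell
# Added example (not from the original article): audit SMBv1 exposure on a Windows host.
# Petya's lateral spread relies on SMBv1 (EternalBlue) on unpatched systems, so the
# defensive check is: is SMBv1 still enabled, and is SMB (TCP 445) open to the network?
# Assumes an elevated PowerShell on Windows 8/Server 2012 or later.

function Get-Smb1Exposure {
    # Server side: is the SMB1 protocol still switched on?
    $server = Get-SmbServerConfiguration
    $smb1ServerEnabled = [bool]$server.EnableSMB1Protocol

    # Optional feature: is the SMB1Protocol Windows feature installed at all?
    # (On client SKUs; on Server editions the feature is exposed via Get-WindowsFeature.)
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { $feature.State } else { 'NotPresent' }

    # Firewall: does any enabled inbound rule allow TCP 445?
    $rules445 = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -eq 445 } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

    [pscustomobject]@{
        Smb1ServerEnabled = $smb1ServerEnabled
        Smb1FeatureState  = $featureState
        Inbound445Allowed = (@($rules445).Count -gt 0)
    }
}

function Disable-Smb1 {
    # Turn SMB1 off on the server side; applies to new sessions without a reboot.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # Remove the optional feature so it cannot be silently re-enabled (a reboot may be required).
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

$state = Get-Smb1Exposure
$state | Format-List
if ($state.Smb1ServerEnabled) {
    Write-Warning 'SMBv1 is enabled: this host is exposed to the EternalBlue-style spread described above.'
    # Disable-Smb1   # uncomment to remediate after confirming nothing still needs SMBv1
}
```

Hosts that still report Inbound445Allowed = True after SMBv1 is disabled should also have the MS17-010 update verified, since the article's point is that the exploit only works on unpatched systems.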
Badly Infected Countries of 2017 Cyber Attack
This new major global attack began on June 27, 2017. Kaspersky Lab stated that the infected countries include France, Italy, Poland, Germany, the United States and the United Kingdom, but the countries hit hardest are Russia and Ukraine. Around 80 companies there were attacked initially, including the National Bank of Ukraine, electricity firms, ministries, etc. The ransomware demands US $300 or 0.99 BTC to release all the data.
Preventive Measures to Protect Yourself From Petya Ransomware Attack
There are various precautions a user can take to protect themselves from this virus.
- Always be careful when opening suspicious or unwanted files and documents sent through e-mail, and never click on links without verifying the source.
- Always keep a backup of valuable data. Backing up data regularly and storing it in a safe location is good practice.
- Apart from this, install a good, reliable antivirus suite on the system and always keep it up to date. In addition, always use the Internet safely.
- Block the most suspected email address:
The WannaCry ransomware outbreak is not over yet, and Petya, another ransomware attack, is already threatening users worldwide, shutting down systems across the world and demanding ransom. As these cyber attacks are increasing rapidly, infected users are advised not to pay the ransom: paying encourages the hackers, and there is no guarantee that all files will be returned. Instead of paying, it is better to restore data from a backup or use a data recovery solution to save your data from the Petya ransomware attack or any other cyber attack.