
What is Petya ransomware?


Ransomware is a type of malware that encrypts your files and demands a ransom payment in exchange for decrypting them. As often happens with malware, the attackers behind the latest Petya campaign have re-used some familiar tactics, techniques, and procedures (TTPs) from earlier Petya ransomware attacks and the recent WannaCry ransomware attacks.

 


The ransomware campaign that emerged today follows a similar attack method to last month’s WannaCry ransomware, as it uses the same EternalBlue exploit of a Windows vulnerability. However, unlike WannaCry, this campaign uses Microsoft PsExec and WMI services to spread rapidly across the network. This means that even computers that had previously been patched may still be vulnerable to a laterally moving Petya attack.

Once a machine is compromised, the ransomware overwrites the Master Boot Record (MBR), reboots, and then encrypts individual files that match a list of file extensions (including documents, archives, and more). Once the encryption is finished, it presents the victim with a message requesting a ransom of $300 in Bitcoin to decrypt the system. To date, we understand that up to $3,000 has been paid in ransom, but we have not heard of any affected organizations having successfully decrypted their files, as the associated email account has been shut down.

As with WannaCry, the EternalBlue exploit toolkit (which was released by the Shadow Brokers group in April 2017) is suspected to be a key component of the attack. Microsoft released a software patch for the vulnerability after the release, but there are likely millions of computers that still have not been updated with that patch. Those machines remain vulnerable and are actively being attacked. The initial infection vector in this attack has been linked to a software update for a Ukrainian tax accounting package called MeDoc.
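Because the PsExec and WMI spreading described above also reaches patched machines, defenders need to watch for remote execution rather than rely on patching alone. The following is an added example, not part of the original article: it flags bursts in which several hosts show a PsExec service install (System event 7045, default service name PSEXESVC) or a process spawned by WmiPrvSE.exe (Security event 4688) within a short window. The event dictionaries, their field names, the thresholds and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from a real incident), already parsed from
# Windows event logs into dicts. The field names are assumptions of this example.
EVENTS = [
    {"time": "2024-01-15T10:01:05", "host": "WS-01", "id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-15T10:01:40", "host": "WS-02", "id": 7045, "service": "PSEXESVC"},
    {"time": "2024-01-15T10:02:10", "host": "WS-03", "id": 4688,
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\cmd.exe"},
    {"time": "2024-01-15T10:30:00", "host": "WS-09", "id": 7045, "service": "Spooler"},
    {"time": "2024-01-15T14:00:00", "host": "WS-04", "id": 7045, "service": "PSEXESVC"},
]

def is_remote_exec(ev):
    """True for a PsExec service install or a process created by the WMI provider host."""
    if ev["id"] == 7045:  # System log: a new service was installed
        return ev.get("service", "").upper() == "PSEXESVC"  # PsExec's default service name
    if ev["id"] == 4688:  # Security log: process creation (parent name needs Windows 10 / Server 2016+)
        return ev.get("parent", "").lower().endswith("\\wmiprvse.exe")
    return False

def find_spread(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return (start_time, hosts) bursts where indicators hit >= min_hosts hosts within window."""
    hits = sorted((datetime.fromisoformat(e["time"]), e["host"])
                  for e in events if is_remote_exec(e))
    bursts, i = [], 0
    while i < len(hits):
        start, j, hosts = hits[i][0], i, set()
        # Collect every indicator that falls inside the window opened by hits[i].
        while j < len(hits) and hits[j][0] - start <= window:
            hosts.add(hits[j][1])
            j += 1
        if len(hosts) >= min_hosts:
            bursts.append((start.isoformat(), sorted(hosts)))
            i = j          # skip past the burst already reported
        else:
            i += 1         # a single admin session is not a burst; slide forward
    return bursts

if __name__ == "__main__":
    for start, hosts in find_spread(EVENTS):
        print(f"possible lateral movement starting {start}: {', '.join(hosts)}")
```

Legitimate administration also uses PsExec and WMI, so the host-count threshold and window should be tuned to the environment before alerting on this.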

Want to learn more about how you can protect your business from hacking attacks? Call, email or submit your details below and let’s have a talk. Let’s see how your business can become the best!
