Another name to the list – Petya ransomware
Not more than a month has passed since the WannaCry ransomware infected a great number of organizations and caused huge damage to personal computers around the world. WannaCry is estimated to have affected 230,000 computers in over 150 countries altogether. Now another unusually named ransomware, “Petya”, has arrived to take down the digital world.
Major highlights include the shutdown of advertising firm WPP and the downfall of French construction company Saint-Gobain, Danish shipping and transport company AP-Moller-Maersk, and many others. Quite a few big names here under ransom! Petya locks a PC’s data and demands a sum as ransom in return for decrypting the encrypted files.
Petya ransomware has spread through a vulnerability in Microsoft Windows known as EternalBlue. Although Microsoft has released a patch resolving it, not all systems have been updated with it. Once a system is affected, the ransomware asks for a ransom of $300 to be paid in Bitcoin. It has been noted that “Petya” spreads more wildly than its predecessor “WannaCry”. How did this ransomware get its name? Its code structure resembled that of an older ransomware that was actually called “Petya”. But it was found that the two were analogous only from the outside, while the inside was a different story. All of this resulted in researchers calling it “NotPetya”. Different names, but the virus is the same.
The seed of this ransomware can be traced back to Ukraine, where it was introduced through accounting software used by the government. That explains why numerous government-run institutions and sectors were closed in Ukraine. If you have been affected by this ransomware, even if you pay the ransom there is technically no way you are going to get a decryption key, as you won’t be able to establish any communication with the attacker (the email ID has been blocked by German email provider Posteo).
There seems to be not much you can do for now when under attack from “Petya”. Once you know that your computer is affected (i.e. a ransom note is displayed), you should unplug your computer from the Internet, reformat your hard drive and restore your backup data. It is always recommended to keep a backup (more than one copy) of your data and to keep your anti-virus up to date. Unlike WannaCry, which spread externally, Petya spreads internally, which has further limited the global spread of the infection.
It is now for us to wait and see how catastrophically malware and ransomware continue to hinder progress online.
Article Co-written by Anson.C
Featured Image Credit: Ilya Pavlov