The scars of WannaCry had not yet healed when a new ransomware attack came to haunt the cyber world. The name of this new ransomware is Petya. It has affected many countries, including Poland, Germany, Ukraine and Russia.
If you are here to learn about the Petya ransomware attack, this is the whole story. We cover all aspects of the attack: its social and economic impact and how Petya works.
Ransom demand from Petya
The new Petya ransomware has affected a number of countries. The attackers demand $300 in bitcoins to release the data. The ransom amounts for WannaCry and Petya are the same.
Petya Ransomware Origin
This new malware attack is based on the NSA EternalBlue exploit, leaked by the Shadow Brokers (a hacker group).
A few weeks earlier, the WannaCry ransomware spread at a very fast pace and attacked thousands of computers all over the world. There was no long gap between the two attacks. The effects of this ransomware have been seen in Ukrainian banks and a nuclear plant.
The main victims of Petya Ransomware
Because of the attack, the government computers in the bank went offline and their data is locked. The main victims are:
- The Ukrainian branch of the mining company Evraz
- The Chernobyl nuclear plant in Ukraine
- Ukraine’s local metro and Kiev’s Boryspil Airport
- Kyivstar, LifeCell, Ukrtelecom – Ukrainian telecom companies
- Danish shipping company Maersk
- Russian oil company Rosneft
The Chernobyl nuclear plant in Ukraine, which is the main electricity supplier in the country, has also been affected. Other organizations affected are the Danish shipping company Maersk and the Russian oil company Rosneft.
Countries affected by Petya Ransomware
The figures provided by Kaspersky are:
|Name of the Country|Attacks in %|
|---|---|
|Other Countries (USA, Poland, Germany, UK, and France)|10%|
This ransomware is associated with a Bitcoin wallet and asks for $300 in bitcoins to release the files. Kaspersky and Symantec have each reported the number of payments made to the associated Bitcoin wallet: 7 according to Kaspersky and 9 according to Symantec.
Working of Petya ransomware
Petya is not like traditional ransomware. It does not simply encrypt all the files. First it reboots the computer, encrypts the hard disk's complete Master File Table (MFT) and destroys the MBR (Master Boot Record).
The MBR is replaced with malicious code, and after that there is no way to boot the PC. The file system information, such as file names, sizes and locations on the physical disk, is locked.
Kaspersky initially said that the ransomware is a variant of the old Petya ransomware, but later said the infection is an entirely new one and called it ‘NotPetya’.
- Avira and Symantec have claimed that Petya is based on the EternalBlue exploit, the same as WannaCry.
- The EternalBlue exploit attacks the Windows SMB file-sharing system and spreads fast between different systems.
After the infection, your PC will show the message: “If you see this text, then your files are no longer accessible because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
Protect your PC from the Petya Ransomware Attack – Precautions by F-Secure Security Firm
These suggestions are given by the security firm F-Secure to protect your PC from infection.
If you find this information useful, please leave a comment with any suggestions or questions you have. Thank you.