Petya Is Not a Ransomware, But a Wiper Malware

A few reports two days ago described the Petya ransomware attacks. They said that Petya had affected several systems across France, Ukraine, the UK, India, Russia, Spain and Europe. India is the seventh most impacted nation. The attackers behind this attack also demanded $300 in bitcoins to return the files. But it turns out to be something more dangerous than a ransomware attack.

According to new reports, Petya is not ransomware but a dangerous wiper malware. It was only designed to look like ransomware. In reality, it was deleting all important files and records from the affected systems. This was first reported by Matt Suiche, founder of the cyber security firm Comae. Later, this was also confirmed by Kaspersky.

This attack was named Petya because it shares some code with the previously known Petya ransomware. But this time the actual function is different.

How Wiper is different from Ransomware

Wiper malware destroys all important files and records. Ransomware, on the other hand, just encrypts the data in order to demand money. After a ransomware attack, data can be restored. After a wiper attack, the possibility of data restoration is very low.

Petya is smart: it uses multiple techniques to spread automatically within a network and find more systems to infect.

According to research conducted by Talos Intelligence, this malware was possibly spread through a malicious software update to a Ukrainian tax accounting system called MeDoc. Later, MeDoc denied this allegation. However, several security researchers and even Microsoft agreed with Talos's finding. They say that MeDoc was breached to spread this malware via software updates.

Do not pay Ransom

It was reported that nearly 45 people paid the ransom and the attackers earned a total of $10,500 in bitcoins. They hoped to get their data back, but that will not be possible. Multiple reports confirmed this.

“Our analysis indicates there is little hope for victims to recover their data. We have analyzed the high-level code of the encryption routine, and we have figured out that after disk encryption, the threat actor could not decrypt victims’ disks.”

Even the email address that was used by attackers to communicate with victims was suspended by the German provider.

Impact of Petya around the globe

As for the impact, this attack has affected several countries. Ukraine was the primary target, along with the US and Russia. The other countries that saw cases related to Petya are France, the UK, Germany, China, and Japan.

It is worth mentioning that nearly 60 percent of the systems infected by Petya were located within Ukraine. It has touched the most important institutions of the country, including the central bank, airport, metro, power plant and more.

Now it is confirmed that the attack was not for money, so it looks like this attack was actually meant to cause damage to Ukraine. There is nothing to prove this, but given the way Ukraine suffered, it looks that way.

This is the second time in two months that hackers have tried to perform a mass attack. Last month, the WannaCry ransomware attack affected over 100 countries.

Bottom line

Patch your system and install your OS security updates if available. Keep a backup of your important data and start preparing for a worst-case scenario. Stop downloading random files from the Internet.

Further reading:

Microsoft Blog, Comae
