'NOTPETYA' RANSOMWARE: After WannaCry, a new ransomware named Petya is here to annoy your computers. It has already affected a large number of countries, including Ukraine, Russia, Poland and Germany. This new threat is spreading globally and has struck more than 2000 organisations in both the government and private sectors. The malware uses the NSA's EternalBlue exploit, which was leaked by the "Shadow Brokers", and demands $300 in bitcoins as ransom.

Is Petya Ransomware another WannaCry?

As we already know, some weeks ago the WannaCry ransomware spread at a fast pace and infected millions of computers all across the world. Now, another ransomware is causing havoc around the world. The new attack has taken Ukrainian banks offline and locked computer systems in government offices. It has also affected the Chernobyl nuclear plant as well as Ukraine's electricity supplier, the Danish shipping company Maersk and the Russian oil company Rosneft, striking pharmaceutical companies, Chernobyl radiation detection systems and, er, a chocolate factory.

According to reports from Kaspersky's Costin Raiu, about 70% of infections have been recorded in Ukraine, followed by 30% in Russia. The other major countries affected by this Petya threat are the USA, Poland, Germany, the UK and France.

Petya ransomware demands $300 in Bitcoins:

The Petya ransomware demands $300 in bitcoins in exchange for decryption. So far, according to Kaspersky, 7 payments have been made. According to Symantec, the number of payments has now increased to 9.

How does the Ransomware spread?

The ransomware is coded to capture credentials so that it can spread. It uses custom tools, à la Mimikatz, which extract credentials from the lsass.exe process. After extraction, the credentials are passed to PsExec or WMIC for distribution inside a network.

What does the Ransomware do?

Once the malware infects your PC, it waits 10-60 minutes before rebooting the system. The reboot is scheduled using system facilities: "at" or "schtasks" together with the "shutdown.exe" tool. Once the system reboots, the malware starts to encrypt the MFT in NTFS partitions, overwriting the MBR with a customized loader that carries a ransom note.
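
The spreading and reboot behaviour described in the two sections above (PsExec or WMIC for distribution, then a reboot scheduled through "at" or "schtasks" with "shutdown.exe") leaves traces in process-creation logs that defenders can hunt for. The sketch below is an added example, not code from the original article or from any vendor; the log records, host names and rule names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed process-creation records (host, image, command line), in the
# style of Windows event 4688 / Sysmon event 1. Not taken from a real sample.
EVENTS = [
    ("WS-01", r"C:\Windows\System32\schtasks.exe",
     r'schtasks /Create /SC ONCE /TN "x" /TR "C:\Windows\System32\shutdown.exe /r /f" /ST 14:35'),
    ("WS-01", r"C:\Windows\System32\wbem\WMIC.exe",
     r'wmic /node:"WS-02" process call create "notepad.exe"'),
    ("WS-02", r"C:\Windows\System32\at.exe", r"at 15:02 C:\Windows\System32\shutdown.exe /r /f"),
    ("WS-03", r"C:\Windows\System32\schtasks.exe",   # benign scheduled task
     r'schtasks /Create /SC DAILY /TN "backup" /TR "C:\tools\backup.cmd"'),
    ("WS-04", r"C:\Windows\System32\shutdown.exe", r"shutdown.exe /r /t 0"),  # direct admin reboot
    ("WS-05", r"C:\Tools\PsExec.exe", r"PsExec.exe \\WS-06 -accepteula -s cmd.exe"),
]

# Rule names are hypothetical; each takes a lower-cased image name and command line.
RULES = {
    "scheduled_reboot": lambda img, cmd: img in ("schtasks.exe", "at.exe") and "shutdown" in cmd,
    "remote_exec_wmic": lambda img, cmd: img == "wmic.exe" and "/node:" in cmd
                                         and "process call create" in cmd,
    "remote_exec_psexec": lambda img, cmd: img.startswith("psexec")
                                           and re.search(r"\\\\[\w.-]+", cmd) is not None,
}

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return {host: set of rule names that fired on that host}."""
    hits = defaultdict(set)
    for host, image, cmdline in events:
        img, cmd = basename(image), cmdline.lower()
        for name, rule in RULES.items():
            if rule(img, cmd):
                hits[host].add(name)
    return dict(hits)

def triage(hits):
    """A host showing both remote execution and a scheduled reboot ranks highest."""
    return {host: "high" if "scheduled_reboot" in names
            and any(n.startswith("remote_exec") for n in names) else "medium"
            for host, names in hits.items()}

if __name__ == "__main__":
    print(triage(detect(EVENTS)))
```

Credential extraction from lsass.exe does not show up in command lines, so it needs a separate source such as process-access auditing.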

What is Petya ransomware?

Kaspersky's earlier report suggested that the new threat is a variant of the older Petya ransomware. However, the company later clarified that it is an entirely new infection, which is why they called it "NotPetya." Avira and Symantec have confirmed that Petya uses the EternalBlue exploit, just as WannaCry did.

