Wednesday 5 July 2017

Another Attack of Ransomware: Petya/NotPetya


On June 27, a new virus called Petya spread across many countries. People still don't know what it really is: many say it is new ransomware, while some say it is a wiper.



Petya Virus


Petya is ransomware that was deployed in 2016 to infect systems. Most importantly, it was capable of encrypting MFT files. It was a two-wave attack targeting the Windows operating system. The blackmailers asked for payment in Bitcoin through an onion website. Its main vector was e-mail attachments, and because it spread by e-mail, it was not able to infect a large number of systems.

This year, after the major WannaCry attack, many countries are again facing the same type of problem because of new ransomware. At first sight it looks much the same as WannaCry, and people have also named it WannaCry v2.

This ransomware or wiper can encrypt the victim's Master Boot Record, which in turn prevents Windows from booting. The virus has many similarities with WannaCry. It encrypts all important files on a system, including the MFT (Master File Table), and asks for the same amount to decrypt them: $300, in the same Bitcoin currency. That's why people called it Petya.
It also spreads through the same vulnerability, the EternalBlue exploit that was used by WannaCry.

EternalBlue Exploit

EternalBlue is a vulnerability in Windows that can give attackers remote access. It was first developed by the NSA (National Security Agency), USA. They found it, but a group of hackers named Shadow Brokers stole it from them.

Soon afterwards, on Tuesday 14 March 2017, Microsoft released patches for it along with a small bulletin. Microsoft did this for all its operating platforms: Windows XP, Vista, Windows 7, Windows 8, Windows 8.1 and Windows 10. But on May 12, 2017, WannaCry spread and infected big firms and companies. Those who had not updated their Windows OS got infected. The next day, Microsoft again released a patch so that the virus would not spread any further.



















