Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry

The WannaCry ransomware is not dead yet, and another large-scale ransomware attack is now wreaking havoc worldwide, shutting down computers at corporations, power suppliers, and banks across Russia, Ukraine, Spain, France, the UK, India, and the rest of Europe and demanding $300 in Bitcoin.


According to multiple sources, a new variant of the Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that WannaCry abused to infect 300,000 systems and servers worldwide in just 72 hours last month.


Apart from this, many victims have also reported that Petya has infected fully patched systems. "Petya uses the NSA Eternalblue exploit but also spreads in internal networks with WMIC and PSEXEC. That's why patched systems can get hit," confirms Mikko Hypponen, Chief Research Officer at F-Secure.
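The lateral-movement point above is the one defenders can act on before the ransom note appears. The script below is an added example, not code from the article or from F-Secure: it runs a few detection rules over process-creation telemetry and flags WMIC and PsExec being used against remote hosts, from both the source and the target side. The event records are constructed test data shaped like Sysmon Event ID 1 / Windows Security 4688 events; the host names, user names and field names are assumptions.

```powershell
# Added example, not code from the article. Flag process-creation events that
# look like WMIC or PsExec remote execution, the two admin tools Hypponen names.
# The records below are constructed test data; hosts, users and field names
# (Image, ParentImage, CommandLine, User, Computer) are assumptions.

$events = @(
    [pscustomobject]@{ Computer = 'WS01'; User = 'CORP\jdoe'
        Image       = 'C:\Windows\System32\wbem\WMIC.exe'
        ParentImage = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'wmic /node:"FS02" /user:"CORP\admin" /password:"Hunter2" process call create "cmd /c whoami"' }
    [pscustomobject]@{ Computer = 'WS01'; User = 'CORP\jdoe'
        Image       = 'C:\Tools\PsExec64.exe'
        ParentImage = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'PsExec64.exe \\FS02 -accepteula -d cmd /c whoami' }
    [pscustomobject]@{ Computer = 'FS02'; User = 'NT AUTHORITY\SYSTEM'
        Image       = 'C:\Windows\PSEXESVC.exe'
        ParentImage = 'C:\Windows\System32\services.exe'
        CommandLine = 'C:\Windows\PSEXESVC.exe' }
    [pscustomobject]@{ Computer = 'FS02'; User = 'CORP\admin'
        Image       = 'C:\Windows\System32\cmd.exe'
        ParentImage = 'C:\Windows\System32\wbem\WmiPrvSE.exe'
        CommandLine = 'cmd /c whoami' }
    [pscustomobject]@{ Computer = 'WS03'; User = 'CORP\asmith'      # local, benign
        Image       = 'C:\Windows\System32\wbem\WMIC.exe'
        ParentImage = 'C:\Windows\System32\cmd.exe'
        CommandLine = 'wmic os get caption' }
)

function Test-RemoteExecution {
    param([Parameter(Mandatory)][psobject]$Event)
    $image   = [System.IO.Path]::GetFileName($Event.Image).ToLowerInvariant()
    $parent  = [System.IO.Path]::GetFileName($Event.ParentImage).ToLowerInvariant()
    $cmd     = [string]$Event.CommandLine
    $reasons = @()

    # Source side: wmic pointed at another node and told to spawn a process
    if ($image -eq 'wmic.exe' -and $cmd -match '/node:' -and $cmd -match 'process\s+call\s+create') {
        $reasons += 'WMIC remote "process call create"'
    }
    # Source side: PsExec with a UNC target (two literal backslashes in the regex)
    if ($image -match '^psexec(64)?\.exe$' -and $cmd -match '\\\\[\w.-]+') {
        $reasons += 'PsExec aimed at a remote host'
    }
    # Target side: PsExec copies PSEXESVC.exe to the target and starts it as a service
    if ($image -eq 'psexesvc.exe') {
        $reasons += 'PSEXESVC service started (PsExec target)'
    }
    # Target side: a remote WMI process create is spawned by the WMI provider host
    if ($parent -eq 'wmiprvse.exe' -and $image -in 'cmd.exe', 'powershell.exe', 'rundll32.exe') {
        $reasons += 'shell spawned by WmiPrvSE.exe (WMI remote create target)'
    }
    return ,$reasons
}

foreach ($e in $events) {
    $why = Test-RemoteExecution -Event $e
    if ($why.Count -gt 0) {
        '{0}: {1} run by {2} -> {3}' -f $e.Computer, $e.Image, $e.User, ($why -join '; ')
    }
}
```

Run as-is, the first four constructed events are reported and the local `wmic os get caption` is not. Against live data, replace the `$events` array with the output of `Get-WinEvent -LogName 'Microsoft-Windows-Sysmon/Operational' -FilterXPath '*[System[EventID=1]]'` (Sysmon Event ID 1 carries the same Image, ParentImage, CommandLine and User fields) and treat any hit from an account that has no business running remote administration as an incident, not a false positive to tune away.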


Petya is a nasty piece of ransomware and works very differently from other ransomware families. Unlike traditional ransomware, Petya does not encrypt the files on a targeted system one by one.


Instead, Petya replaces the computer's Master Boot Record (MBR) with its own malicious code and forces a reboot. The malicious boot code then encrypts the hard drive's Master File Table (MFT), which locks the user out of the entire system by destroying the information about file names, sizes, and locations on the physical disk, and finally displays the ransom note, leaving the computer unable to boot.
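Because the MBR is overwritten before the reboot, a cheap host-level check is to hash the 446-byte bootstrap code at the start of sector 0 and compare it with a baseline taken while the machine was known-good; an unexpected change in the boot code with the partition table left untouched is exactly what a boot-level ransomware leaves behind. The script below is an added example and not code from the article: it parses a 512-byte MBR (boot code, the four 16-byte partition entries, and the 0x55AA signature) and diffs two sectors. Both sectors are constructed test data; no real boot code is embedded.

```powershell
# Added example, not code from the article. Parse a 512-byte MBR and compare
# a current copy against a known-good baseline. The two sectors at the bottom
# are constructed test data; the "bootstrap code" is a filler pattern.

function Get-MbrInfo {
    param([Parameter(Mandatory)][byte[]]$Sector)
    if ($Sector.Length -ne 512) { throw 'An MBR is exactly 512 bytes' }

    $sha      = [System.Security.Cryptography.SHA256]::Create()
    $bootHash = ($sha.ComputeHash([byte[]]($Sector[0..445])) |
                 ForEach-Object { $_.ToString('x2') }) -join ''

    $partitions = foreach ($i in 0..3) {
        $o = 446 + 16 * $i                          # four 16-byte entries
        if ($Sector[$o + 4] -eq 0) { continue }     # type 0x00 = unused slot
        [pscustomobject]@{
            Slot     = $i
            Bootable = ($Sector[$o] -eq 0x80)
            Type     = '0x{0:X2}' -f $Sector[$o + 4]
            StartLba = [BitConverter]::ToUInt32($Sector, $o + 8)
            Sectors  = [BitConverter]::ToUInt32($Sector, $o + 12)
        }
    }
    [pscustomobject]@{
        SignatureOk    = ($Sector[510] -eq 0x55 -and $Sector[511] -eq 0xAA)
        BootCodeSha256 = $bootHash
        Partitions     = @($partitions)
    }
}

function Compare-Mbr {
    param([Parameter(Mandatory)][byte[]]$Baseline,
          [Parameter(Mandatory)][byte[]]$Current)
    $a = Get-MbrInfo -Sector $Baseline
    $b = Get-MbrInfo -Sector $Current
    $findings = @()
    if (-not $b.SignatureOk) { $findings += 'boot signature 55AA missing' }
    if ($a.BootCodeSha256 -ne $b.BootCodeSha256) {
        $findings += 'bootstrap code changed (possible MBR replacement)'
    }
    # Partition table is bytes 446..509; compare it byte for byte
    if (($Baseline[446..509] -join ',') -ne ($Current[446..509] -join ',')) {
        $findings += 'partition table changed'
    }
    return ,$findings
}

# --- constructed test data ---
$good = New-Object byte[] 512
foreach ($i in 0..445) { $good[$i] = [byte](($i * 7) % 256) }   # stand-in for boot code
$good[446] = 0x80; $good[450] = 0x07                             # bootable, type 0x07 (NTFS)
[BitConverter]::GetBytes([uint32]2048).CopyTo($good, 454)        # start LBA
[BitConverter]::GetBytes([uint32]204800).CopyTo($good, 458)      # length in sectors
$good[510] = 0x55; $good[511] = 0xAA

$tampered = [byte[]]$good.Clone()
foreach ($i in 0..445) { $tampered[$i] = 0x90 }   # boot code replaced, table intact

Compare-Mbr -Baseline $good -Current $good       # no findings
Compare-Mbr -Baseline $good -Current $tampered   # 'bootstrap code changed ...'
```

To check a real machine, read sector 0 from an elevated prompt, for example with `New-Object IO.FileStream '\\.\PhysicalDrive0', 'Open', 'Read', 'ReadWrite'` and a 512-byte `Read`, and store the resulting `BootCodeSha256` as the baseline while the host is clean. From a LiveCD the same parse works on the raw disk device, which is the situation the "power off and recover from external media" advice later in this article puts you in.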


Don't Pay the Ransom, You Won't Get Your Files Back


Infected users are advised not to pay the ransom, because the attackers behind Petya can no longer receive victims' emails.


Posteo, the German email provider, has suspended the address wowsmith123456@posteo.net, which the criminals were using to communicate with victims and to send decryption keys after receiving the ransom.


The ransomware displays a text demanding $300 worth of Bitcoin. Here's what it reads:


"If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."


According to a recent VirusTotal scan, only 16 of 61 anti-virus engines currently detect this Petya sample.


Petya Ransomware Hits Banks, Telecom, Businesses & Power Companies


In the past few hours, Petya has already infected Russian state-owned oil giant Rosneft and the Ukrainian state electricity suppliers Kyivenergo and Ukrenergo. Several banks, including the National Bank of Ukraine (NBU) and Oschadbank, as well as other companies, have confirmed that they have been hit by the Petya attacks.


Maersk, the international logistics company, has also confirmed on Twitter that the latest Petya attacks have shut down its IT systems at multiple locations and business units. The ransomware has also hit multiple workstations at the Ukrainian branch of the mining company Evraz.


The most severe damage reported by Ukrainian businesses also includes compromised systems at the local metro and at Kiev's Boryspil Airport. Three Ukrainian telecommunications operators, Kyivstar, LifeCell and Ukrtelecom, are also affected by the latest Petya attack.


How to Protect Yourself from Ransomware Attacks


What to do immediately? Apply Microsoft's MS17-010 patches, which close the SMBv1 flaw that EternalBlue exploits, and disable the insecure, 30-year-old SMBv1 file-sharing protocol on your Windows workstations and servers. Keep in mind that, as Hypponen points out above, patching alone does not stop the WMIC and PsExec spread inside a network, so also limit where administrative credentials are used and which hosts can reach each other over SMB.
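The following script is an added example, not from the article or from Microsoft, of how to audit and apply those two controls on a single Windows host from an elevated PowerShell prompt. The KB numbers are the original MS17-010 releases for each Windows version; a host patched later carries a cumulative update that supersedes them, so they will not appear in `Get-HotFix` and "KB not found" means "check your update status", not "vulnerable".

```powershell
# Added example, not code from the article. Audit MS17-010 and SMBv1 state
# on this host and turn SMBv1 off. Run elevated. The KB list below is the
# original MS17-010 release set; later cumulative updates supersede it.

$ms17010 = 'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2
           'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
           'KB4012214', 'KB4012217',              # Server 2012
           'KB4012606', 'KB4013198', 'KB4013429', # Windows 10 1507 / 1511 / 1607 and Server 2016
           'KB4012598'                            # Vista / Server 2008 / XP / Server 2003 (out-of-band)

$installed = Get-HotFix | Where-Object { $_.HotFixID -in $ms17010 }
if ($installed) {
    "MS17-010 present: $($installed.HotFixID -join ', ')"
} else {
    'No original MS17-010 KB found; confirm a March 2017 or later cumulative update is installed'
}

# SMBv1 on the server side (Windows 8 / Server 2012 and later expose this cmdlet)
$srv = Get-SmbServerConfiguration
"SMB1 server protocol enabled: $($srv.EnableSMB1Protocol)"
if ($srv.EnableSMB1Protocol) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}

# SMBv1 as an optional feature (client and server binaries) on Windows 8.1 / 10
$feat = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
"SMB1Protocol feature state: $($feat.State)"
if ($feat.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# Server 2012 R2 / 2016: the same feature is a role feature instead
#   Get-WindowsFeature FS-SMB1
#   Uninstall-WindowsFeature FS-SMB1
#
# Windows 7 / Server 2008 R2 have none of the cmdlets above; use Microsoft's
# registry and service-dependency changes instead, then reboot:
#   Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Type DWORD -Value 0 -Force
#   sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
#   sc.exe config mrxsmb10 start= disabled
```

Disabling SMBv1 needs a reboot to fully take effect on every version, and it will break any remaining SMBv1-only clients (old NAS boxes, printers, Windows XP), so run the audit part across the estate first to see what still speaks the old dialect before flipping the switch.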

So if a system is infected with Petya and it starts to restart, power it off immediately and do not power it back on.


"If machine reboots and you see the message, power off immediately! This is the encryption process. If you do not power on, files are fine. Use a LiveCD or external machine to recover files."


To safeguard against any ransomware infection, you should always be suspicious of unsolicited files and documents sent over email, and never click links inside them without verifying the source.


To always have a tight grip on your valuable data, keep a good backup routine in place that copies it to an external storage device that is not permanently connected to your PC.


Moreover, make sure you run a good, effective anti-virus suite on your system and keep it up to date. Most importantly, always browse the Internet safely.