Press "Enter" to skip to content

One more attack: Petya Ransomware: What? How? Why? Where?

Just after a month and one more ransomware attack…now it targets big companies, organizations etc. It’s Petya Ransomware. Affected almost every nation. Many organization in Europe, US, Canada, Russia, Spain, Germany, Israel etc.

It was first spotted encrypting computers in Ukraine and then other places.

petya ransomware virus map

In May 2017, the ransomware WannaCry attack much PCs in the world and now its Petya ransomware.

In India, largest container port JNPT got attacked by ransomware. The WannaCry ransomware attack affected more than 230,000 computers in over 150 countries that were a huge number, with the NHS, Spanish phone company Telefónica and German state railways among those hardest hit.

What is Ransomware?

It is the type of malware that will lock your access to the important files of the computer and ask for ransom to grant access.

What is Petya Ransomware?

Also known as(Petrwrap, and Notpetya)

The malware appears to share a significant amount of code with an older piece of ransomware that really was called Petya.

How does a ransomware work?

When a person’s computer is infected, the ransomware will encrypt important documents and files on your computer and then demands a ransom, typically in Bitcoin(an encrypted money), for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files then you can only get the files by paying the ransom.

How Petya works?

This ransomware takes over your computer and will demand $300, usually paid in Bitcoins. This malware spreads rapidly once a computer is infected in an organization. It uses the EternalBlue vulnerability in Windows  OS or through two Windows administrative tools. Microsoft already released a patch, but not everyone has installed it.

This malware tries one option and unfortunately is it doesn’t work, it tries the another one.

“It has a better mechanism for spreading itself compare with previous WannaCry”, said Ryan Kalember, Proofpoint (cyber security company).

petya ransomware

Can we avoid it?

Most of the anti-malware companies around the world claim’s that their software has been updated to actively detect and protect against ‘Petya’ infections.

Additionally, keeping your Windows OS up to dateat the very least through installing March’s critical patch defending against the EternalBlue vulnerability.

You can also prevent it by checking a read-only file, C:\Windows\perfc.dat, and if it is there, Petya ransomware won’t run the encryption side of the software.

What to do if Ransomware attacks your PC?

The ransomware infects your computer and then wait for an hour like nothing happen. Then will reboot the machine. While the machine is rebooting, you should switch off your computer & prevent the files from being encrypted. Now try to save your files from the machine by copying data from hard disk manually.

Here is the tweet by Hacker Fantastic.