Petya Ransomware infecting systems for ransom
A new widespread ransomware is spreading and causing distress to
corporations and governments across the globe.
Large Corporations & Government Infected by Petya Ransomware
Major corporations have already been reported infected, such as A.P. Moller-Maersk,
the world's largest shipping company,
which is being held hostage by the ransomware.
Status update 27 June from the Maersk Twitter account
The new ransomware is sneakier than the earlier, similar WannaCry, which infected more than 200,000 systems.
It uses two layers of encryption and locks your files and the computer's file system.
Petya encrypts not just your files but also your entire hard drive.
Microsoft has already released patches for the vulnerability, but even users with patches can still be infected
through Office documents that exploit another vulnerability similar to the WannaCry vulnerability.
It has recently been shown that more than 38 million systems are still vulnerable
to the vulnerability exploited by the WannaCry attack.
A key difference between Petya and WannaCry is that Petya does not have
the weaknesses and built-in kill switch that WannaCry had.
Furthermore, WannaCry had several weaknesses in its programming, indicating that it was released before it was finished.
The Petya ransomware is very well written, which increases its success and infection rate.
WannaCry's many design flaws
Many of the design flaws made WannaCry die out after just a few days.
It was possibly revealed to be an unfinished North Korean project.
Petya is more sophisticated and professionally done, and already shows high-profile victims:
a large shipping corporation, a medical pharma giant and public institutions.
NotPetya or GoldenEye
Some IT security researchers call this new variation NotPetya or GoldenEye. Some just refer to it as Petya.
It was reported that several government institutions in Ukraine were hit, along with Russia's biggest oil exporter, Rosneft.
Rosneft confirmed that oil production will not be affected because they switched to a reserve operating system.
The United States-based pharma giant Merck was also compromised.
The ransomware asks for $300 US, paid in Bitcoin, to unlock a victim's system.
Users are recommended to always run daily vulnerability scans so that any critical vulnerabilities are exposed immediately.
This can help prevent future ransomware attacks.
Prevent Petya Ransomware and cure infected systems
Key generators and unlockers have already been reported in the wild.
A trick to stop the spreading is to create the files C:\Windows\perfc.dat and C:\Windows\perfc and set both files to READ ONLY.
This will stop the spreading but not the infection.
A bat file that does this can be found here: https://download.bleepingcomputer.com/bats/nopetyavac.bat
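The same two steps as a repeatable PowerShell function that also verifies the result. This is an added example, not the batch file linked above and not part of the original article. It assumes the two file names given in the text; the function name Set-PerfcMarker and the NeedsReview column are hypothetical.

```powershell
# Added example, not the linked .bat. Run from an elevated PowerShell prompt.
# Assumption: the marker files are the two named in the text, placed in the
# Windows directory. Function and property names are illustrative.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        [string]$Directory = $env:windir,
        [string[]]$Name = @('perfc.dat', 'perfc')
    )
    foreach ($n in $Name) {
        $path = Join-Path -Path $Directory -ChildPath $n
        $created = $false
        if (-not (Test-Path -LiteralPath $path)) {
            # An empty file is enough: the text only asks for the file to
            # exist and to be read-only.
            New-Item -ItemType File -Path $path -ErrorAction Stop | Out-Null
            $created = $true
        }
        $item = Get-Item -LiteralPath $path -Force
        if ($item.PSIsContainer) {
            Write-Warning "$path exists as a directory; not changed."
            continue
        }
        $item.IsReadOnly = $true
        $item.Refresh()   # re-read attributes so the report shows the real state
        [pscustomobject]@{
            Path        = $path
            Created     = $created
            ReadOnly    = $item.IsReadOnly
            # A non-empty file that was already there was not put there by this
            # script; look at it before trusting the host.
            NeedsReview = (-not $created -and $item.Length -gt 0)
        }
    }
}

Set-PerfcMarker | Format-Table -AutoSize
```

Running it a second time changes nothing and reports Created = False, which makes it suitable for a logon or deployment script.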
It is possible to follow the attackers' money trail and see how many have paid here: