Now New Ransomware 'PETYA' Hits Europe Badly
Petya ransomware, also known as Petwrap, is attacking through the same vulnerability that WannaCry used. The ransomware has infected metro systems, airports and banks in Europe. According to reports, it is spreading at an even bigger scale.
Its exploit method, called EternalBlue, leaked in the NSA hack, and it is the same one WannaCry used to infect thousands of computers worldwide. EternalBlue exploits vulnerability MS17-010 in Microsoft's implementation of the Server Message Block (SMB) protocol. Microsoft had released a "Critical" advisory, along with an update patch to plug the vulnerability, a month before, on 14 March 2017.
The Petya ransomware attack was first reported in Ukraine, where the government, banks, the state power utility and Kiev’s airport and metro system were all particularly badly affected. The radiation monitoring system at Chernobyl was taken offline, forcing employees to use hand-held counters to measure levels in the former nuclear plant’s exclusion zone.
Jakub Kroustek, Threat Lab Team lead at Avast, said: "One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85% of the paid ransom amount, while 15% is kept by the malware authors."
The hackers are asking for a ransom of $300 USD, paid in Bitcoin, to unlock the affected computer.
If you are a victim of Petya ransomware, the following message will be shown on your computer screen:
If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without decryption service.
We guarantee that you can recover all your files safely and easily. All you need to do is submit the Payment and purchase the decryption key.
The Deputy Prime Minister of Ukraine tweeted:
Ta-da! It looks like the Secretariat of the Cabinet of Ministers has been "brought down" too. The network is down. pic.twitter.com/B74jMsT0qs — Rozenko Pavlo (@RozenkoPavlo) June 27, 2017
The official Twitter account of Ukraine also tweeted about this cyber attack:
Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue 👌 pic.twitter.com/RsDnwZD5Oj — Ukraine / Україна (@Ukraine) June 27, 2017
According to a report, Allan Liska, intelligence architect at Recorded Future, said the attack has multiple components, including an attack to steal login credentials as well as trash compromised computers. "This appears to be a multi-pronged attack that started with a phishing campaign targeting infrastructure in the Ukraine," Liska said. "The payload of the phishing attack is twofold: an updated version of the Petya ransomware (older versions of Petya are well-known for their viciousness, rather than encrypt select files Petya overwrote the master boot record on the victim machine, making it completely inoperable)."
There is some speculation that, like WannaCrypt, this attack is being spread using the EternalBlue exploit, which would explain why it is spreading so quickly (having reached targets in Spain and France in addition to the Ukraine). "Our threat intelligence also indicated that we are now starting to see US victims of this attack," according to Liska.
Symantec said in a report: “A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations. Similar to WannaCry, Petya uses the Eternal Blue exploit to propagate itself.”
According to the reports, it is turning out to be more dangerous than the WannaCry ransomware.