Petya is not ransomware; it is a wiper, malware responsible for destroying data on the hard disk of target systems running Microsoft Windows.
The Petya cyber attack that commenced on June 27 was plainly inspired by the WannaCry attack, which got so much attention last month. The motives behind WannaCry are still unknown; however, it was not an effective way for its creators to profit.
In this Petya attack, the displayed key is randomly generated and can't be used to decrypt Petya-encrypted data. This implies Petya is more precisely a wiper and not ransomware, and it shows that Petya's primary motivation is disruption.
If a computer is infected with Petya, the malware attempts to encrypt a set of files that have specific extensions, such as 3ds, 7z, accdb, ai, asp, aspx, avhd, back, bak, c, cfg, conf, cpp, cs, ctl, dbf, disk, djvu, doc, docx, dwg, eml, fdb, gz, h, hdd, kdbx, mail, mdb, msg, nrg, ora, ost, ova, ovf, pdf, php, pmf, ppt, pptx, pst, pvi, py, pyc, rar, rtf, sln, sql, tar, vbox, vbs, vcb, vdi, vfd, vmc, vmdk, vmsd, vmx, vsdx, vsv, work, xls, xlsx, xvd, zip. The attacker then demands payment of $300 worth of Bitcoin, which they ask to be sent to a single wallet. In the ransom note, the victim is advised to send notification of payment to a single email address.
After infecting a computer, the malware attempts to spread to all machines on the network, using a combination of stolen credentials and the EternalBlue exploit from the NSA. It also tries to connect to any computers that the infected computer has recently interacted with. However, unlike WannaCry, it does not try to connect to random IP addresses over the web.
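One way to look for the propagation pattern described above in network flow data, as an added example that is not part of the original article: it flags hosts that open SMB connections to many internal machines in a short window and, separately, hosts that reach external addresses over SMB (the WannaCry-style behaviour this malware does not show). The flow-record format, TCP port 445 for SMB, the window and the threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real telemetry): "epoch_seconds src dst dst_port"
SAMPLE_FLOWS = """\
1000 10.0.0.5 10.0.0.10 445
1002 10.0.0.5 10.0.0.11 445
1004 10.0.0.5 10.0.0.12 445
1006 10.0.0.5 10.0.0.13 445
1008 10.0.0.5 10.0.0.14 445
1010 10.0.0.7 10.0.0.20 445
1500 10.0.0.7 10.0.0.20 445
1012 10.0.0.9 203.0.113.8 445
1014 10.0.0.9 10.0.0.30 443
"""

SMB_PORT = 445        # EternalBlue is an SMB exploit
WINDOW = 60           # seconds; assumed tuning value
FANOUT_LIMIT = 4      # distinct internal peers per window; assumed tuning value
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def classify(text):
    """Return sources showing internal SMB fan-out and sources using SMB externally."""
    internal = defaultdict(list)   # src -> [(timestamp, dst)]
    external = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or int(parts[3]) != SMB_PORT:
            continue               # skip malformed lines and non-SMB traffic
        ts, src, dst = int(parts[0]), parts[1], ipaddress.ip_address(parts[2])
        if is_internal(dst):
            internal[src].append((ts, dst))
        else:
            external.add(src)
    lateral = set()
    for src, events in internal.items():
        events.sort()
        start = 0
        for end in range(len(events)):      # sliding time window
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            if len({d for _, d in events[start:end + 1]}) > FANOUT_LIMIT:
                lateral.add(src)
                break
    return {"lateral_smb_fanout": sorted(lateral),
            "external_smb": sorted(external)}
```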
The individual or people behind the attack were in fact proficient and were trying to compromise a select group of financial targets that would probably pay a ransom, as they would need to regain access to essential financial records.
The attacker may not be a smart cyber criminal, however: using a single Bitcoin wallet and a single email account for contact was not the best way to collect a ransom. The email account was rapidly closed by its provider, removing the attacker's ability to communicate with victims about the ransom. The Bitcoin wallet is still active; however, any money transferred from this wallet is closely monitored by law enforcement. The attacker may have a difficult time making use of the ransom amount.
Wiping hard drives under the guise of ransomware confuses the issue, leaving victims and investigators to ask: “Are the attackers politically motivated, or criminally motivated?”
Based on the current data, the motive may be disruption. Non-Ukrainian organizations were affected; however, this may have been unintentional. There were no attempts to spread over the internet by attacking random IP addresses. The Petya attack was an ineffective way to make money, but a very effective way to disrupt victims and sow confusion.