Synthetic Snake Oil: Online Security Tips

DP60 Petya Ransomware


Discovered in 2016, Petya is a family of encrypting ransomware that targets Microsoft Windows systems. Variants appeared throughout 2016, but in June 2017 a variant was used in a global cyberattack primarily targeting Ukraine.
In 2016 the variants gained attention when Check Point, an IT security company, found the ransomware active in the wild but playing only a small role compared to other ransomware of the time. That said, Check Point flagged it as the next step in ransomware evolution.
They were certainly right about that, as the following year brought a major attack. On 27 June 2017, a global cyberattack began using a variant of Petya. On the day of the attack, infections were reported in Germany, France, Italy, Poland, the United States, and the United Kingdom, though the bulk of them were in Russia and Ukraine.
Overall the attacks focused on companies: over 80 of the companies initially hit were in Ukraine, among them the National Bank of Ukraine. After the initial wave, 80% of infections were in Ukraine, with Germany the second hardest hit at roughly 9% of infections.
Many people believe the attack was politically motivated, since it occurred the day before Ukraine's Constitution Day.
As a side note, the name Petya refers to the 1995 James Bond film GoldenEye, in which Petya was one of the two weapon satellites carrying a GoldenEye. Because of that reference, the Petya malware is also known as GoldenEye.
As for how this malware worked, Petya first infects the computer's master boot record (MBR). It then overwrites the Windows bootloader and triggers a restart. Once the machine boots back up, the payload encrypts the Master File Table (MFT) and the user sees a ransom message demanding payment in Bitcoin.
As mentioned, there were other variants that functioned the same way, with only small differences. Some variants' messages demanded that the user grant admin privileges. Another activated a second payload called Mischa, a backup plan should Petya fail to encrypt any data; Mischa instead encrypted user documents and executable files.
Initial forms of Petya were distributed disguised as a PDF file attached to an email.
Fortunately, damages were still considered fairly low. Despite the massive disruption it caused, the damage was more at the productivity level than in ransoms paid. The email address listed on the ransom screen was quickly suspended by the email provider, which meant that while computers were infected, users couldn't even pay the perpetrator.


By dpapp