Petya Ransomware – It Will Hunt Your Hard Drive Down and Lock it Out

Update – July 2017

The developer of the original Petya ransomware has released his master key to the public, allowing affected users to unlock their devices. It is a ray of light for victims who have been waiting until now to unlock their devices.

Note: The key does not work on the recent Not Petya malware. It only works on devices affected by the original Petya ransomware.

Update – June 2017

As you may have heard, the Petya ransomware is back, this time with additional fireworks! To differentiate it from the original Petya, it is being referred to as "Not Petya". It is now affecting all kinds of Windows machines, no matter how up to date or patched they are.

Once a computer is infected, all files on the system are encrypted with immediate effect. And unlike last time, when you could pay a ransom to decrypt your device, there is no way to contact the hackers and save your data this time around.

How did it begin?

Not Petya, or GoldenEye ransomware, began spreading early Tuesday morning, 27th of June to be exact, in Ukraine. It started when businesses downloaded the latest update to their MEDoc software, a financial-monitoring application commonly used in Ukraine.

The software itself isn’t at fault, however. Someone apparently broke into its servers and released the new, infected software update without the company’s knowledge.

According to Kaspersky Lab, the Not Petya malware is also hidden inside Ukrainian websites, possibly to infect visitors via drive-by downloads.

How did it spread?

Though it originated in Ukraine, the infection quickly spread to other European countries through enterprise networks. It’s possible that foreign companies with operations in Ukraine were infected as the worm traveled “upstream.”

Not Petya made use of the ETERNALBLUE Windows exploit, also used previously by the WannaCry ransomware. The exploit allows the Not Petya worm to spread easily through specific network ports, in this case 139 and 445. Not Petya can use these ports to infect the entire local network.
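One thing a defender can do with the detail above is watch for the spread pattern itself: a single host opening connections to many peers on ports 139 and 445 (the NetBIOS session and SMB ports) within seconds. The script below is an added example, not code from the original post or from any vendor; the flow-log format, the threshold of five peers and the 60-second window are my own assumptions, and the log lines are constructed for the demonstration.

```python
"""Flag hosts that fan out over the SMB ports (139/445) to many internal peers
in a short time window, the shape worm-style spread takes on a flat network.
Added example; the log format and thresholds are assumptions, not a standard."""
from collections import defaultdict
from datetime import datetime, timedelta

SMB_PORTS = {139, 445}

# Constructed sample flow log: "timestamp src_ip dst_ip dst_port"
SAMPLE_LOG = """\
2017-06-27T10:15:01 10.0.0.23 10.0.0.5 445
2017-06-27T10:15:01 10.0.0.23 10.0.0.6 445
2017-06-27T10:15:02 10.0.0.23 10.0.0.7 139
2017-06-27T10:15:02 10.0.0.23 10.0.0.8 445
2017-06-27T10:15:03 10.0.0.23 10.0.0.9 445
2017-06-27T10:15:03 10.0.0.23 10.0.0.10 445
2017-06-27T10:15:04 10.0.0.23 10.0.0.11 445
2017-06-27T10:15:07 10.0.0.40 10.0.0.2 445
2017-06-27T10:16:30 10.0.0.40 10.0.0.3 445
2017-06-27T10:16:31 10.0.0.41 10.0.0.2 443
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)


def smb_fanout_alerts(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src_ip: peer_count} for every source that reached at least
    `threshold` distinct destinations on SMB ports inside one sliding window.
    peer_count is the largest number of distinct peers seen in any window."""
    events = defaultdict(list)  # src -> [(timestamp, dst)]
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ts, src, dst, port = parse_line(raw)
        if port in SMB_PORTS:
            events[src].append((ts, dst))

    alerts = {}
    for src, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the left edge forward until the window spans <= `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            peers = {dst for _, dst in hits[start:end + 1]}
            if len(peers) >= threshold:
                alerts[src] = max(alerts.get(src, 0), len(peers))
    return alerts


if __name__ == "__main__":
    for src, n in smb_fanout_alerts(SAMPLE_LOG).items():
        print(f"ALERT: {src} reached {n} distinct hosts on SMB ports within 60s")
```

On the sample data only 10.0.0.23 trips the rule (seven peers in three seconds); 10.0.0.40 talks SMB to two hosts and 10.0.0.41 uses port 443, so neither is reported. In practice the threshold has to be tuned above what file servers and management hosts legitimately do.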

Who is behind Not Petya?

It’s still unclear who is behind the spread of Not Petya. Rumors suggest the infection was created by patriotic Russian hackers who want to destroy Ukraine’s economy. Because of this, analysts believe that the aim of its creators is not to make money but to cause total destruction. However, no one has yet been able to confirm or deny these rumors.

Should I pay the Petya ransom?

Paying the previous ransom amount won’t do the trick this time around. So far, the creators of the ransomware have not contacted victims to demand any sort of payment. The email address used by the previous Petya hackers, [email protected], has been shut down by the email host.

Unless the hackers contact you personally, paying the previous ransomware makers would be a mistake.

Is there a way to kill Not Petya?

There are some ways you might be able to stop the Petya encryption process. If your computer is infected, it will automatically start to reboot. Your job is to stop this reboot from happening and keep your PC running, because Petya needs the reboot in order to encrypt the hard drive’s Master Boot Record.

You can also try to immunize your machine by creating a read-only file named “perfc” and placing it inside the Windows directory. If you’re lucky, the Petya worm will see that file and will not encrypt your machine, BUT it will continue to spread to other machines on the same network.
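The vaccine file just described, as an added example that is not code from the original post. The filename “perfc” comes from the text; the function name, the directory parameter (defaulting to %SystemRoot%, normally C:\Windows) and the read-only check are my own choices, made so the routine can be exercised on any system. As the post says, this only protects the one machine and does nothing to stop the worm spreading further.

```python
"""Create the read-only 'perfc' marker file in the Windows directory.
Added example; the directory is a parameter so it can be tested anywhere."""
import os
import stat
from pathlib import Path

WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def create_vaccine_file(windows_dir=None, name="perfc"):
    """Create an empty file called `name` and mark it read-only; return its Path.
    `windows_dir` defaults to %SystemRoot% on Windows (assumed C:\\Windows if unset)."""
    base = Path(windows_dir or os.environ.get("SystemRoot", r"C:\Windows"))
    target = base / name
    if not target.exists():
        target.touch()
    # Clearing the write bits is what sets the read-only attribute on Windows.
    target.chmod(target.stat().st_mode & ~WRITE_BITS)
    return target


def is_read_only(path):
    """True when no write permission bit is set on the file."""
    return not (Path(path).stat().st_mode & WRITE_BITS)


if __name__ == "__main__":
    p = create_vaccine_file()
    print(f"{p}: exists={p.exists()} read_only={is_read_only(p)}")
```

Run it from an elevated prompt on Windows, since writing into the Windows directory requires administrator rights; the same file name is what the worm is reported to check for, so the content of the file does not matter.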

You know that encryption is used to secure a device’s data, but have you heard of encryption taking your data away from you? The day has come when you might fall victim to ransomware, and your entire hard drive’s data will be encrypted so thoroughly that you won’t be able to decrypt it without paying the cyber criminal a huge sum of money.

April 2016

The Nightmare of Petya Ransomware

Not only will the Petya ransomware make the victim pay a certain amount to regain access to their data, but the ransom amount will automatically double after seven days. Now, you must be wondering how this ransomware works and how you should keep yourself protected against it. Allow us to walk you through.

The threat works in a simple yet cunning way. According to G Data Software, users are sent innocuous-looking e-mails that appear to be from a job applicant. The e-mail infects the device as soon as the user downloads and opens the resume file (hosted in a Dropbox folder).

What Exactly Does It Do?

The Petya ransomware trashes the user’s boot record, forcing their computer to crash.

(Screenshot: Petya processing screen)

Upon reboot, users are told that there are errors that need to be fixed, which will take several hours. When the fix is done, the computer restarts so that the fix can be applied, but the system reboots only to tell users that their data has been locked.

(Screenshot: Petya ransom note)

Extent of Damage from Petya Ransomware

The severity of the damage depends on a number of factors, such as how large the victim’s network is, what their financial standing is, how important the stored data is, etc. One unfortunate hospital management had to pay $17,000 in bitcoins to regain access.

How to Fight Petya Ransomware?

If you have been infected by Petya ransomware, then there is only one way to get access to the encrypted data: by paying the ransom. You will be shown a screen providing the information you need to pay the ransom.

There is one other way to fight this ransomware threat: being cautious and never clicking on anything in e-mails sent from suspicious email addresses. Yes, employers receive hundreds of applications on a daily basis, but they can also avoid falling into the trap of Petya ransomware by not downloading documents from e-mails that come from odd addresses such as [email protected], [email protected], etc.

Also, e-mails that come with attachments but without any text in the e-mail’s body should be treated with extra caution, as most candidates write a line or two before sending their resumes to potential employers.
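The two warning signs the post gives for application e-mails, an attachment with no text in the body, and a “resume” that is really a link to a file-hosting folder as in the Dropbox case described earlier, can be turned into a mailbox triage check. The script below is an added example, not code from the original post or from G Data; it uses only Python’s standard email module. The three messages are constructed samples, and the file-hosting pattern and the wording of the flags are my own assumptions.

```python
"""Triage incoming 'job application' e-mails for the two red flags the post
describes: an attachment arriving with an empty body, and a body that only
points at a file-hosting service. Added example; messages are constructed."""
import re
from email import message_from_string

# Assumption: a short list of hosting services to treat as suspicious for CVs.
FILE_HOST_RE = re.compile(
    r"https?://(?:www\.)?(?:dropbox\.com|dl\.dropboxusercontent\.com)/\S+", re.I
)

# Constructed sample 1: attachment, no body text at all.
SAMPLE_EMPTY_BODY = """\
From: applicant@mail.example
To: jobs@example-corp.test
Subject: Application
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/zip; name="resume.zip"
Content-Disposition: attachment; filename="resume.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--
"""

# Constructed sample 2: no attachment, body is just a hosted download link.
SAMPLE_HOSTED_LINK = """\
From: someone@mail.example
To: jobs@example-corp.test
Subject: CV
Content-Type: text/plain; charset="utf-8"

Please download my CV here: https://www.dropbox.com/s/abc123/resume.zip
"""

# Constructed sample 3: ordinary internal mail with a short body and attachment.
SAMPLE_BENIGN = """\
From: colleague@example-corp.test
To: jobs@example-corp.test
Subject: Agenda
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain; charset="utf-8"

Hi, the agenda for Monday is attached.
--b2
Content-Type: application/pdf; name="agenda.pdf"
Content-Disposition: attachment; filename="agenda.pdf"
Content-Transfer-Encoding: base64

JVBERi0=
--b2--
"""


def triage(raw_message):
    """Return the list of red flags found in one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    attachments, body_parts = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container, look at its leaves instead
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            body_parts.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "".join(body_parts).strip()

    reasons = []
    if attachments and not body:
        reasons.append("attachment(s) %s with an empty message body" % ", ".join(attachments))
    if FILE_HOST_RE.search(body):
        reasons.append("body links to a file-hosting service")
    return reasons


if __name__ == "__main__":
    for label, sample in [("empty body", SAMPLE_EMPTY_BODY),
                          ("hosted link", SAMPLE_HOSTED_LINK),
                          ("benign", SAMPLE_BENIGN)]:
        print(label, "->", triage(sample) or "no flags")
```

A flag here should route the message to a quarantine or a manual review queue rather than block it outright, since a terse applicant or a legitimate shared-folder link will occasionally match; the point is that a bare attachment or a hosted file from an unknown sender is worth a second look before anyone opens it.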

Be very cautious while downloading documents from e-mails. Do not let Petya ransomware hunt your hard drive down and lock your precious data. If you are still unsure about how to stay safe from Petya ransomware, back your data up today so that you can restore it in case of an emergency.

Sheheryar Ahmed Khan is a privacy enthusiast, currently affiliated with PureVPN. His reporting covers subjects related to online privacy, anonymity, and security. Also a believer in online freedom, Sheheryar likes to spend his free time streaming football matches and TV shows online.

1 Comment
  1. dave says:

    Thanks for the interesting article. I heard a lot about this virus.
