Petya Ransomware – Everything you needed to know.

Ransomware, Speaking in Laymen terms, Ransom refers to ” The Payment needed to be paid to the Robbers(For an Instance) to Release/Set free the Captive.” and Warez Refers to “A Set of Lines / Code used in a Computer to Execute Tasks. Also Called as Software”.  WannaCry and Petya Ransomware are now Outbreaking in this Cyber Space and Wandering on Millions of Systems.

Ransomware starts its work within a Single second of its Execution on the Computer. The Next moment you give access to it/ Execute the Malicious Application, It starts reading your Files and Encrypts it into the Human Unreadable Format. In this process, they try to notify you about the encryption while asking you for some RANSOM, to give you a Decrypt Code to get all your valuable Files back. Indeed, there is no perfect proof that they will give the Code after receiving the ransom, There will be a Huge Loss. Anyways, This is How a Ransomware Works. Ransomware is not a new-generation originated computer virus. It is been prevailing in the Dark since a very long time but since 6 months or so, The creators are making it more complicated as well as advanced for an Ordinary Computer user.

“Everything You Needed to Know – Petya Ransomware”

Directly coming to the point, Petya and WannaCry attacks your Windows Machine using EternalBlue, A Vulnerability which was discovered by N.S.A., An SMB Protocol Bug which was in existence and Not Being Patched Since Windows XP. SMB, Server Message Block Protocol was started with Windows 98 as a Network File Sharing Protocol. DoublePulsar, it is the backdoor malware that EternalBlue checks to determine the existence keep the connective alive to sustain the interaction. So When the Application is executed, In the Background, It Encrypts all the Data in the Computer as well as Search for other SMB Connections within the Network which helps the Worm to Spread-out in the Network.

EternalBlue Connecting back to DoublePulsar in petya Ransomware

Credits: MalwareBytes. Image: EternalBlue Connecting back to DoublePulsar.

Ransomware attacks were Ruthless these days. WannaCry unwillingly targetted Millions of School, Colleges, Corporate Offices, Hospitals, and Many other Windows Operating System Involved Computing technology. WannaCry was a Global hit and so is Petya. Both of them damaged over a Million of Systems and Made Billions of Records and Files Unavailable. Somedays later, after the Builders scored over a million Dollars, Some Cyber Security Experts notified about The “Kill Switch” present with the Source code of WannaCry. Like WannaCry, “Petya” spreads rapidly through networks that use Microsoft Windows, but what is it, why is it happening and how can it be stopped?

What is Petya Ransomware:

Petya ransomware is the World’s Top second Ransomware attack ever. The ransomware takes over computers and demands $300, paid in Bitcoin. The malicious software spreads rapidly across an organization once a computer is infected using the same EternalBlue vulnerability. The malware tries one option and if it doesn’t work, it tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cyber security company Proofpoint. Microsoft released all emergency patches since the time Of WannaCry and as usual, No One installed it.

For this particular malware outbreak, another line of defense has been discovered: “Petya” checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software. It goes thru the CHKDSK function with the Administration Privileges and Finally, it Erases the MBR of the System.

How to Evade Ransomware:

There was never a Cure for a Chaos like Petya but there are high-level precautions and Preventions to consider.

  • Check every file you download from the Internet, Online.
  • Use an Antivirus and keep it Updated. Automated Updates are recommended.
  • Open every application you download in the SandBox environment.
  • Keep your Windows Machine Updated. At least Use Emergency Patches.
  • Keep yourself updated with all updates in the Cybersecurity.
  • Follow the Top Most Cyber Security related Facebook and Twitter.

 

Leave a Reply