In May, a ransomware called WannaCry became famous around the world for holding computers' file systems hostage. Last week, government institutions (like Ukraine's national bank) and companies from the private sector reported that another outbreak had started.
The ransomware responsible for haunting these organizations is called Petya, although this name originates from a ransomware that attacked last year. Similar to WannaCry, Petya ransomware starts by encrypting a computer's file systems and then demands payment to restore access to these files.
What Is Ransomware?
Ransomware is, by definition, malware that blocks access to the victim's data until a ransom is paid. Some ransomware locks systems in a way that is not difficult to reverse, but the more advanced variants use a technique called cryptoviral extortion. This technique consists of encrypting victims' files, thus making them inaccessible. To regain access, the authors demand a ransom payment in exchange for reversing the encryption. Nowadays, most ransomware attackers request Bitcoins as payment, to take advantage of cryptocurrency's anonymity.
What Is Petya Ransomware?
The real name of the ransomware that is striking today has not been defined. But, as this ransomware is believed to be a variant of Petya, the name is being reused. Petya locks a computer's hard drive as well as individual files stored on it. It's not easy to recover data from the computers affected by this malware.
One interesting fact is that cyber security experts at Kaspersky Lab have released a report that said the ransomware was not related to Petya but was, in fact, a new ransomware it called NotPetya. The contradictions have not yet been clarified.
How Petya Started
A Ukrainian software firm is alleged to be the source of the recent outbreak. Although there is no confirmation of this, and the company has denied these claims in a Facebook post, the outbreak is indeed striking Ukraine harder than any other country.
How the Petya Ransomware Spreads
Researchers are saying that this new outbreak is hitting systems via the same leaked NSA vulnerabilities used by WannaCry. The analysis of some of Petya's samples confirmed that the malware author used the EternalBlue exploits, which target a vulnerability in Microsoft Windows. Microsoft has already released patches for the EternalBlue vulnerability, but many computers out there still don't have them applied.
How Do I Protect Myself?
Although no solution has been found so far for retrieving data from computers affected by Petya, you can review and update your devices and also check that your approach to security is sound.