Global Ransomware Strikes Again

If you thought WannaCry was fun, then you're gonna love this article. A new ransomware has surfaced that exploits similar vulnerabilities.

by Bruno Krebs · Jul. 03, 17 · News

In May, a ransomware called WannaCry became famous around the world for holding computers' file systems hostage. Last week, government institutions (like Ukraine's national bank) and private-sector companies reported that another outbreak had started.

The ransomware responsible for haunting these organizations is called Petya, although this name originates from a ransomware that attacked last year. Similar to WannaCry, Petya starts by encrypting a computer's file systems and then demands payment to restore access to the files.

What Is Ransomware?

Ransomware is, by definition, malware that blocks access to the victim's data until a ransom is paid. Some ransomware locks systems in a way that is not difficult to reverse, but the more advanced strains use a technique called cryptoviral extortion. This technique consists of encrypting the victims' files, thus making them inaccessible. To restore access, the authors demand a ransom payment in exchange for reversing the encryption. Nowadays, most ransomware attackers request payment in Bitcoin, to take advantage of the cryptocurrency's anonymity.

What Is Petya Ransomware?

The real name of the ransomware that is striking today has not been settled. But, as this ransomware is supposed to be a variant of Petya, the name is being reused. Petya locks a computer's hard drive as well as the individual files stored on it. It's not easy to recover data from computers affected by this malware.

One interesting fact is that cyber security experts at Kaspersky Lab have released a report that said the ransomware was not related to Petya but was, in fact, a new ransomware it called NotPetya. The contradictions have not yet been clarified.

[Figure: NotPetya/Petya screenshot]

How Petya Started

A Ukrainian software firm is alleged to be the source of the recent outbreak. Although there is no confirmation of this, and the company has denied these claims in a Facebook post, the outbreak is indeed striking Ukraine harder than any other country.

[Figure: Petya/NotPetya attacks by country]

How the Petya Ransomware Spreads

Researchers are saying that this new outbreak is hitting systems via the same leaked NSA vulnerabilities used by WannaCry. Analysis of some Petya samples confirmed that the malware author used the EternalBlue exploits, which target a vulnerability in Microsoft Windows. Microsoft has already created patches that fix the EternalBlue vulnerability, but many computers out there don't have them applied.

How Do I Protect Myself?

Although no way has been found so far to retrieve data from computers affected by Petya, you can review and update your devices and check that your approach to security is sound.

Published at DZone with permission of Bruno Krebs, DZone MVB. See the original article here.
