2017-07-04 09:54:12
Petya Ransomware: What is it & How can it be stopped?
On 27 June 2017, several organizations across the world, especially in the Europe, reported ransomware infecting their systems, modifying their master boot records and encrypting the files. Even in India, operations at one of three terminals at the Jawaharlal Nehru Port, Mumbai were disrupted by the global ransomware attack.
The ransomware, which was identified as a new strain of the existing Petya, is spreading rapidly, affecting organizations, businesses, and end users. This Ukraine-originated, as believed by many, ransom attack turning into an outbreak reminiscent of the one caused by WannaCry that took place in May 2017.
Against this backdrop, Jagran Josh is providing you all the details that one should know about ransomware in general and the Petya in particular. The details are given below.

What is ransomware?
Ransomware is a type of malicious software that infects and restricts access to a computer until a ransom is paid. Although there are other methods of delivery, ransomware is frequently delivered through phishing emails and exploits unpatched vulnerabilities in software.
What is the modus operandi?
Phishing emails are crafted to appear as though they have been sent from a legitimate organization or known individual. These emails often entice users to click on a link or open an attachment containing malicious code. After the code is run, a computer becomes prone to infections from malware.
Why is it called Petya Ransomware?
The recent malware bears superficial resemblance to the latest versions of Petya, which is a ransomware strain first spotted in 2015 itself. It should be noted that Petya is Russian for "Pete”, which means rock in Greek.
However, as per some researchers, the recent version of Petya is an entirely new version of malware that's just designed to look like the real Petya. The real Petya, for instance, has a sophisticated ransom-collection and file-decrypting mechanism, and the present version doesn't have these features.
How does the Petya spread?
Primarily, Petya is a worm. Hence, it has the ability to self-propagate. As per the experts, Petya this by building a list of target computers and using two methods to spread to those computers. The two methods are – IP address and Credential gathering and Lateral movement.
Method 1 - IP address and Credential gathering: In the first method, the ransomware builds a list of IP addresses to spread to, which includes primarily addresses on the local area network (LAN) but also remote IPs. Due to this reason, large organizations using networks are more prone to this malware than compared to stand-alone computers and individual internet users.
Once the list of target computers has been identified, Petya builds out a list of user names and passwords it can use to spread to those targets. The list of user names and passwords is stored in memory. It uses two methods to gather credentials - Gathers user names and passwords from Windows Credential Manager and Drops and executes a 32bit or 64bit credential dumper.
Method 2 – Lateral Movement: Petya uses two primary methods to spread across networks - Execution across network shares and SMB exploits.
What does the Petya do?
Petya differs from typical ransomware as it not only encrypt files, it also overwrites and encrypts the master boot record (MBR). It should be noted that the MBR Is also called as the master partition table as it includes a table that locates each partition that the hard disk has been formatted into.
The modified MBR allows the Petya to hijack the normal loading process of the infected computer during the next system reboot. Further, the modified MBR is used to encrypt the hard disk while simulating a CHKDSK screen. Finally, the malware displays a ransom note to the user. In the latest attack, the attackers demanded $300 in bitcoins be paid to recover files.
What you should do to shield your system from Petya?
To shiled your system from ransomware attacks, perform the following tasks.
•Perform frequent backups of system
766 views06:54
C
