Petya ransomware creates huge chaos, shuts down Windows PCs in massive attack

The Siliconreview
29 June, 2017

After the global WannaCry ransomware created havoc, another extensive ransomware attack is now threatening to cause havoc across the world.

Many businesses and government agencies around the world have been hit with a variation of the Petya ransomware, malware that holds vital files captive and demands $300 in bitcoin before victims can recover access.

Recognized by security firm Bitdefender as GoldenEye, the new ransomware has two layers of encryption, according to the researchers. It locks up both user files and the computer's file system.

"Just like Petya, it is particularly dangerous because it doesn't only encrypt files, it also encrypts the hard drive as well," said Bogdan Botezatu, a senior threat analyst with Bitdefender. 

What does it do: The malware forces an infected PC to reboot as soon as it finishes encrypting files, so the victim sees the ransom demand as soon as possible. Researchers at Recorded Future said there's also a hidden Trojan in Petya that steals victims' usernames and passwords.

The Petya attack is the second global ransomware attack in the last two months, following the WannaCry outbreak that ensnared more than 200,000 computers, locking up hospitals, banks and universities. Like WannaCry, the GoldenEye and Petya attacks affect only computers running the Windows operating system.

According to Anomali, a threat intelligence company, Microsoft released patches for all Windows operating systems after the worldwide outbreak, but people who have updated their computers could still be affected. The reason is that Petya can also spread through Office documents, taking advantage of yet another vulnerability and combining it with wormholes similar to WannaCry's.

According to data from Avast's Wi-Fi Inspector, more than 38 million computers scanned last week are still susceptible to the ransomware attack because they have not been patched.

"The actual number of vulnerable PCs is probably much higher," Jakub Kroustek, Avast's Threat Lab Team lead, said.

However, the major difference between Petya and WannaCry is that Petya does not have a kill switch that could be accidentally triggered.

The hit list: Many government agencies in Ukraine, along with a few financial firms, banks and a power distributor, were attacked recently. Russia's largest oil exporter, Rosneft, was also hit with a cyberattack on its servers.