Petya Ransomware Cyberattack on June 28, 2017
The Petya ransomware was first discovered in 2016. Petya is malware that infects the Master Boot Record of computers running Windows and encrypts the hard drive, demanding a payment in bitcoin before it will decrypt it. In 2017, a new variant of Petya was discovered that used the EternalBlue exploit to compromise systems, as the WannaCry ransomware had, and it was used in a global cyberattack. This variant also used classic SMB techniques to spread, so it could also affect a system patched against EternalBlue. The Petya ransomware cyberattack infected computers across various countries, with Ukraine being the most affected.
NotPetya Makes Use of Two Primary Methods
Petya was already known as ransomware by the time it caused major chaos in the computer world. What was discovered for the first time on June 28, 2017, however, was something different: a newer version of the malware that had many ways to propagate itself. Even though the malware was the same, Kaspersky now referred to it as ‘NotPetya’ to distinguish it from its previous versions. To spread, NotPetya makes use of two primary methods:
- It first tries to copy itself to the admin system folder by acquiring the needed credentials. Then, this malware is executed remotely by PsExec or the Windows Management Instrumentation Command Line (WMIC) tool.
- It could also use SMB exploits, whether EternalBlue or classic SMB techniques.
First, the malware scans the computer. If the computer has the processes required to keep it secure against an EternalBlue exploit, the malware uses another approach.
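A defender-side sketch of how the two remote-execution paths described above (PsExec and WMIC) can be picked out of process-creation logs and tied to worm-like fan-out. This is an added example, not part of the original article; the record layout, host names, addresses, commands and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed process-creation records, in the style of Sysmon Event ID 1 or
# Security Event 4688 with command-line auditing. All values are invented.
EVENTS = [
    {"host": "WS-014", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"10.0.0.21" process call create "cmd.exe /c example.bat"'},
    {"host": "WS-014", "image": r"C:\Tools\PsExec.exe",
     "cmd": r"PsExec.exe \\10.0.0.22 -s cmd.exe /c example.bat"},
    {"host": "WS-014", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"10.0.0.23" process call create "cmd.exe /c example.bat"'},
    {"host": "ADMIN-01", "image": r"C:\Tools\PsExec.exe",
     "cmd": r"psexec.exe \\10.0.0.50 ipconfig /all"},
    {"host": "WS-020", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic os get caption"},
    {"host": "WS-014", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"10.0.0.21" process call create "cmd.exe /c example.bat"'},
]

# WMIC remote launch: a /node: target followed by "process call create".
WMIC_REMOTE = re.compile(r'/node:\s*"?([^"\s,]+).*\bprocess\s+call\s+create\b', re.I)
# PsExec remote launch: the first \\target argument on the command line.
PSEXEC_REMOTE = re.compile(r'\\\\([^\s\\]+)')

def remote_exec_target(event):
    """Return (tool, target) for a WMIC or PsExec remote launch, else None."""
    name = event["image"].rsplit("\\", 1)[-1].lower()
    if name == "wmic.exe":
        m = WMIC_REMOTE.search(event["cmd"])
        return ("wmic", m.group(1).lower()) if m else None
    if name in ("psexec.exe", "psexec64.exe"):
        m = PSEXEC_REMOTE.search(event["cmd"])
        return ("psexec", m.group(1).lower()) if m else None
    return None

def fan_out_sources(events, threshold=3):
    """Hosts that launched remote execution against >= threshold distinct targets."""
    targets = defaultdict(set)
    for ev in events:
        hit = remote_exec_target(ev)
        if hit:
            targets[ev["host"]].add(hit[1])
    return {h: sorted(t) for h, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    for host, seen in fan_out_sources(EVENTS).items():
        print(f"{host}: remote execution against {len(seen)} hosts: {seen}")
```

A single administrator using PsExec against one machine stays below the threshold, while one workstation reaching several peers through both tools is flagged.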
Once installed on a computer, it overwrites the Windows bootloader and then forces a restart. After that, the payload is executed: it encrypts the Master File Table of the NTFS file system and demands a payment in bitcoin before it decrypts the system again. Petya could perform the encryption in two ways: user-mode encryption and full disk encryption.
Petya Ransomware Cyberattack Caused At Least $10 Billion in Losses
It was confirmed in 2017 that the Petya ransomware cyberattack caused at least $10 billion in losses and had Ukraine, Germany, and Russia as the primary victims. Ukraine was the most affected, with about 90% of the infections being reported from the country, while 9% of the cyberattack was in Germany. Even though it was a primary target of the attack, Russia reported no significant damage from the malware. Among others, systems across France, Germany, Italy, Poland, and the United States were affected. In Ukraine, at least 80 companies were attacked initially, the National Bank of Ukraine being one of them. The reason for the outbreak is still unknown, but according to many, this cyberattack could have been politically motivated against Ukraine, since it happened the day before the country’s Constitution Day.
The Petya ransomware displayed a fake chkdsk window while it encrypted the files. It was later found that if a computer was shut down during this process, the malware could be stopped from spreading itself. Later on, the email address used to request the payment was terminated, so the perpetrator was unable to receive any confirmation of payment.
Even though the Petya cyberattack is over, it was another challenging incident among the cyber breaches that have been a cause of global concern.