Petya 2017 Ransomware Description
Type: Ransomware
The Petya 2017 Ransomware is a threat that has been targeting computers in Europe. The Petya 2017 Ransomware attacks have been taking place since the end of June 2017. The Petya 2017 Ransomware seems to be a sophisticated ransomware Trojan that is designed to infect Web servers and computers belonging to businesses and organizations. There are various parallels between the Petya 2017 Ransomware campaign and the WannaCry threat campaign, which claimed several high-profile victims earlier in 2017. According to reports received by malware analysts, the victims of the Petya 2017 Ransomware infection include the computers of the Chernobyl nuclear plant.
Is the Petya 2017 Ransomware Related to the WannaCry Attack?
At this point, malware analysts suspect that there may be some connection with the WannaCry threat campaign. However, it is clear that the Petya 2017 Ransomware is a variant of the Petya ransomware family, a well-known family of ransomware Trojans that has been active for a while. The Petya 2017 Ransomware is a new variant that may have some connection to previous campaigns. It has been capable of infecting more than 2000 computers in a single day, making the Petya 2017 Ransomware a significant risk to computer users and their data. Currently, the Petya 2017 Ransomware attacks are concentrated in Europe, particularly targeting Ukraine, which suggests that the Petya 2017 Ransomware may be connected to a state-sponsored attack from Russia. One reason to believe this is that the Ukrainian power grid and utility companies have been targeted in this attack, and have also been targeted by other attacks from Russia. The sophistication of the Petya 2017 Ransomware also suggests that its creators may have significant resources, allowing them to carry out an attack of this magnitude.
The Consequences of a Petya 2017 Ransomware Attack
The Petya 2017 Ransomware has attacked several high-profile Ukrainian targets. Among these are the state telecommunications company, the electricity supplier, the municipal metro, the Ukrainian central bank, and the Kiev airport. The Petya 2017 Ransomware has also hit the computers at the Chernobyl nuclear plant. All of the computers using the Windows operating system have shut down, and manual systems are being used to make sure the power plant continues to operate safely. However, Ukraine is not the only country under attack. Other infections have shown up in the United States and in other countries, although these are isolated attacks and do not seem to have the sophistication or the targeted nature of the ones in Ukraine. As of writing, a hospital in the United States was compromised in the Petya 2017 Ransomware attack. Some Russian companies have also fallen to the Petya 2017 Ransomware, including the Russian oil company Rosneft (which may put into question the idea that the Petya 2017 Ransomware is part of a state-sponsored attack). Important companies in Spain and the United Kingdom have also reported problems related to the Petya 2017 Ransomware infection.
The Petya 2017 Ransomware Ransom Payments and Reports
In the short time between when the Petya 2017 Ransomware attacks were first observed and the writing of this report, at least 20 payment transactions had been made related to the Petya 2017 Ransomware. The Petya 2017 Ransomware demands payments of $300 USD in Bitcoin, and nearly $5000 USD had been posted to the Bitcoin wallet associated with the Petya 2017 Ransomware in only a short time. At this time, it is unclear exactly how the Petya 2017 Ransomware is being distributed. It is possible that the Petya 2017 Ransomware is exploiting a vulnerability in Windows that has not been patched yet. These attacks may, in some way, be related to the software vulnerabilities misappropriated from the NSA earlier in 2017, which were also responsible for the extent of the WannaCry attacks.