Petya 2017 Ransomware

Petya 2017 Ransomware Description

Type: Ransomware

The Petya 2017 Ransomware is a threat that has been targeting computers in Europe. The Petya 2017 Ransomware attacks have been taking place since the end of June 2017. The Petya 2017 Ransomware appears to be a sophisticated ransomware Trojan designed to infect computers belonging to businesses, organizations and Web servers. There are various parallels between the Petya 2017 Ransomware campaign and the WannaCry campaign, which claimed several high-profile victims earlier in 2017. According to reports received by malware analysts, the victims of the Petya 2017 Ransomware infection include computers at the Chernobyl nuclear plant.

Is the Petya 2017 Ransomware Related to the WannaCry Attack?

At this point, malware analysts suspect that there may be some connection with the WannaCry campaign. What is clear is that the Petya 2017 Ransomware is a variant of the Petya ransomware family, a well-known ransomware Trojan that has been active for a while. The Petya 2017 Ransomware is a new variant that may have some connection to previous campaigns. It has been capable of infecting more than 2000 computers in a single day, making the Petya 2017 Ransomware a significant risk to computer users and their data. Currently, the Petya 2017 Ransomware attacks are concentrated in Europe, and particularly in Ukraine, which suggests that the Petya 2017 Ransomware may be connected to a state-sponsored attack from Russia. One reason to believe this is that the Ukrainian power grid and utility companies have been targeted in this attack and also have been targeted by other attacks attributed to Russia. The sophistication of the Petya 2017 Ransomware also indicates that its creators may have significant resources, allowing them to carry out an attack of this magnitude.

The Consequences of a Petya 2017 Ransomware Attack

The Petya 2017 Ransomware has attacked several high-profile Ukrainian targets. Among these are the state telecommunications company, the electricity supplier, the municipal metro, the Ukrainian central bank, and the Kiev airport. The Petya 2017 Ransomware also has hit the computers at the Chernobyl nuclear plant. All of the computers running the Windows operating system have been shut down, and manual systems are being used to make sure the power plant continues to operate safely. However, Ukraine is not the only country under attack. Other infections have shown up in the United States and elsewhere, although these are isolated attacks and do not seem to have the sophistication or the targeted nature of the ones in Ukraine. As of writing, a hospital in the United States had been compromised in the Petya 2017 Ransomware attack. Some Russian companies also have fallen to the Petya 2017 Ransomware, including the Russian oil company Rosneft (which may call into question the idea that the Petya 2017 Ransomware is part of a state-sponsored attack). Important companies in Spain and the United Kingdom also have reported problems related to the Petya 2017 Ransomware infection.

The Petya 2017 Ransomware Ransom Payments and Reports

In the short time between when the Petya 2017 Ransomware attacks were first observed and the writing of this report, at least 20 payment transactions had been made related to the Petya 2017 Ransomware. The Petya 2017 Ransomware demands a payment of $300 USD in Bitcoin, and nearly $5000 USD had been sent to the Bitcoin wallet associated with the Petya 2017 Ransomware in only a short time. At this time it is unclear exactly how the Petya 2017 Ransomware is being distributed. It is possible that the Petya 2017 Ransomware is exploiting a vulnerability in Windows that has not been patched yet. These attacks may, in some way, be related to the exploits misappropriated from the NSA earlier in 2017, which also were responsible for the extent of the WannaCry attacks.

Technical Information

File System Details

Petya 2017 Ransomware creates the following file(s):
#   File Name                                                                  MD5                               Detection Count
1   Endermanch@Petya.A.exe                                                     af2379cc4d607a45ac44d62135fb7015  47
2   Mario.exe                                                                  71b6a493388e7d0b40c83ce903bc6b04  24
3   0ab24839ec775809db2c997fb4adc2792b3312ad029488a9ff4b36ca90e21e23(1).exe    16a2fd266cbf9d88fb359c82e9ff5bb3  1
4   myguy.exe                                                                  a1d5895f85751dfe67d19cccb51b051a  0
5   Order-20062017.doc                                                         415fe69bf32634ca98fa07633f4118e1  0
6   8baa0535ff2f2f3b0f2c0b45b537b4f8                                           8baa0535ff2f2f3b0f2c0b45b537b4f8  0

Site Disclaimer

Enigmasoftware.com is not associated, affiliated, sponsored or owned by the malware creators or distributors mentioned on this article. This article should NOT be mistaken or confused in being associated in any way with the promotion or endorsement of malware. Our intent is to provide information that will educate computer users on how to detect, and ultimately remove, malware from their computer with the help of SpyHunter and/or manual removal instructions provided on this article.

This article is provided "as is" and to be used for educational information purposes only. By following any instructions on this article, you agree to be bound by the disclaimer. We make no guarantees that this article will help you completely remove the malware threats on your computer. Spyware changes regularly; therefore, it is difficult to fully clean an infected machine through manual means.