Over the past few days, a new strain of ransomware has been making the rounds on people's computers. Its attack pattern closely resembles the WannaCry ransomware attack seen last month. This type of attack is called Petya, although some researchers are still trying to confirm the classification, as it has features that differ from a typical Petya sample. Several countries, including India, have been affected by this rogue virus, and it is spreading to the remaining regions through spam emails. Here are all the details.
What is a Ransomware Virus?
It is a hidden program attached to a host program; when activated, it takes over the host system environment and its components. Upon activation, it takes all the usable files and folders and encrypts them so that they become unreadable. After the attack, it demands ransom money in exchange for the decryption key needed to decrypt the user's files. Often, to make the situation more troublesome, ransomware also scrambles file names as well as their extensions.
What is Petya and how does the ransomware virus work?
One of the largest ransomware attacks, which happened in mid-2016, is known as Petya. This latest attack is a slight variant of Petya. Researchers have named it Petware.
Basically, ransomware cannot run as a normal line of code; it needs a vulnerability to gain access to the system files. In last year's attack, Petya used a vulnerability called EternalRomance, which was previously used by the NSA and was afterwards leaked on Pastebin forums. It also used a program called Mimikatz to obtain a secured network's administrator credentials; with those credentials it keeps infecting each device on the connected network and goes on encrypting each system's files.
Who has been affected by this ransomware?
The first emergence of this virus has been traced back to Ukraine. It was found to have been injected into proprietary government software used by major agencies in the country. A major part of Ukraine has been affected, including air travel, signalling systems, hospitals, etc. As a safety measure, officials have disconnected the Chernobyl plant from the main grid and are keeping it offline.
As reports come in, India and a few other countries have also been hit by this ransomware. At the moment, researchers claim that it is a targeted attack on specific regions.
What is the safety net against the malware?
Security researchers and pen testers from all across the world are trying to find a cure for the attack, and some ethical hackers are scanning for a kill switch to make it go away. For all those users who were affected in the last few days, security professional Hackerfantastic has suggested a way to prevent the total encryption process.
“If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine.”
~ Hacker Fantastic (@hackerfantastic)
So far, with the help of this attack, the hackers have collected a total of $9,070 in internet money. The transactions were made in bitcoin, which is an untraceable virtual currency.