
Ransomware Named Petya May Be Next WannaCry

July 1, 2017 · May 24th, 2021 · Cybersecurity

After the global WannaCry attack and Microsoft’s emergency patch to close the loopholes that made it possible, you might have been lulled into thinking that a similar attack was no longer possible.

Sadly, you would be incorrect in thinking this. As you read these words, a similar, and in some ways worse, form of ransomware called Petya (also known as Petwrap) is infecting computers at a blistering pace.

For the moment, the infection is centered primarily in Russia, Ukraine, Spain, France, the UK and India, but it’s on the verge of being another worldwide assault.

It relies on the same vulnerability that made WannaCry so successful: the SMBv1 vulnerability. This is proof that there are plenty of people around the world who simply don’t install security patches as they are released.

Petya adds a new wrinkle as well. It also utilizes an NSA exploit called EternalBlue, which was released as part of a data dump by an infamous group of hackers called the Shadow Brokers. The inclusion of this additional exploit explains why even systems that have been patched have been reported as being infected.

Another key difference is that WannaCry works by encrypting files one by one. Petya reboots the victim’s computer and encrypts the hard drive’s master file table (MFT), making it impossible to get into the infected PC at all.

However, this is in some ways a mixed blessing because if you get infected and see your computer reboot, you can stop the encryption process simply by unplugging the PC and not powering it back on. Then, you can use another PC to recover your files.

One thing you don’t want to do in this instance, no matter how tempting it might be, is to pay the ransom.

This is because the email address the hackers were using to communicate has been suspended by the German provider, Posteo.

There’s no indication of how far the Petya ransomware will spread, and there aren’t any good options for file recovery. As ever, vigilance is your best defense.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds Microsoft MCSE, VMware VCP, and Cisco CCNA certifications. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.