Petya Ransomware - TCS Prevention and Recovery Advisory

On 27th June, 2017, a new worm-like ransomware called Petya / NotPetya affected organizations around the world. After the initial infection, the malware uses a password-harvesting utility together with the ETERNALBLUE and ETERNALROMANCE exploits to infect all computers on the local network. Although Petya / NotPetya actively uses these two exploits to infect as many computers as possible, it does not spread through the Internet; it hits only computers on the local network where it first penetrated.
Petya / NotPetya encrypts the entire hard drive. By encrypting the system volume, the Master File Table and the Master Boot Record, it prevents the system from booting normally and hooks it into Petya's own bootloader, with the ransom note displayed on the screen. This prevents attempts at file recovery using standard forensic techniques such as booting to a LiveCD or another OS.

Petya (Petwrap) Ransomware Attack

There is another major ransomware attack named "Petya", which is spreading quickly and affecting various countries globally. Ransomware is malware that typically restricts users' access to a machine until a ransom is paid to get the key and unlock it.
Petya ransomware reboots the victim's computer, encrypts the master file table and renders the master boot record (MBR) of the infected Windows computer inoperable, thus making the affected computer unusable. Present reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).
Please read the attached document for more details on this ransomware.

