New Deadly Ransomware named “Petya” Spreading across the Globe

Mar 15, 2019
Posted by
Cyber Security
GIS Consulting 120

A message demanding money is seen on a monitor of a payment terminal at a branch of Ukraine's state-owned bank Oschadbank

  • Huge cyber attack cripples firms, airports, banks and government departments in Ukraine
  • Hack may have spread to Britain, with the advertising firm WPP affected
  • Danish and Spanish multinationals also paralysed by attack
  • Virus ‘a form of ransomware’ known as “Petya” ransomware

According to BBC News, companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.

British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.

Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.

The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.

Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.

“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward. The updated version is known as Petrwrap.

As reports emerge, today’s attack paints a picture of businesses and governments around the world held hostage by a second major wave of ransomware, a kind of software that hijacks computerized systems and demands payment, often in bitcoin, to unlock them.

Initially it appeared that the Petya ransomware might center on Ukraine, though reports since then have confirmed that it is also affecting systems in Spain, France, Russia and India. Anecdotally, many more countries may be affected as governments and businesses around the world find themselves locked out of their own machines.

Unpatched PC’s were hit again by #Petya #ransomeware.
POS, Banks, ATMs, Airport, GOV, Media companies, Metro, Cargo, Post…#Eternalblue

— Lukas Stefanko (@LukasStefanko) June 27, 2017

Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue

— Ukraine / Україна (@Ukraine) June 27, 2017

Technical Details of Petya Ransomware

New Petrwrap/Petya ransomware has a fake Microsoft digital signature appended. Copied from Sysinternals Utils.

— Costin Raiu (@craiu) June 27, 2017

Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread

— Security Response (@threatintel) June 27, 2017

Petya was known to be RaaS (Ransomware-as-a-Service), selling on Tor hidden services. Looks like WannaCry copycat. Attribution will be hard.

— x0rz (@x0rz) June 27, 2017

According to a researcher at Kaspersky Lab, the ransomware appears to employ a forged Microsoft digital signature that exploits a Microsoft Office vulnerability that security firm FireEye discovered in April. So far, the ransomware appears to have targeted a number of global banks, including Russia’s Rosneft and Ukraine’s state-owned Oschadbank.

Removal of Petya Ransomware

“Petya” ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).

Windows computers that have installed both the March 2017 and April 2017 security-patch bundles should be immune to today’s ransomware worm, which we’ll call “Petya” at the risk of being technically incorrect. (Kaspersky Lab has stated that today’s worm may not be related to “Petya” after all.) If you haven’t updated Windows recently, do so immediately. April and May’s patch bundles will be installed along with June’s.

UPDATE: This no longer seems to be entirely accurate. Researchers are now saying that even patched machines on enterprise networks are being infected using the Windows administration tools.

However, it’s unlikely that either Windows administration tool would be used to access a home computer. The best defense would be for home machines to install the latest Windows update, and to run antivirus software. As of 2:30 pm ET, 31 different antivirus brands detected the ransomware, including F-Secure, Avira, Bitdefender, ESET, Kaspersky, McAfee, Panda, Symantec/Norton and Trend Micro.

US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against “Petya” ransomware infections, review US-CERT Alert TA16-091A.
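
A read-only host check for the two conditions this section names, SMBv1 exposure and missing updates, as an added PowerShell example that is not part of the original post or of US-CERT's guidance. The 14 March 2017 cutoff (the MS17-010 release date) and the comparison against the newest installed hotfix are assumptions used as a rough heuristic, not proof that the specific patch is present.

```powershell
# Added example: read-only audit of one Windows host. Run from an elevated prompt.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    # Older systems: registry value SMB1 = 0 means disabled; a missing value
    # means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    return ($null -eq $val -or $val -ne 0)
}

function Get-LatestHotfixDate {
    # Newest install date recorded for any update on this host.
    Get-HotFix |
        Where-Object { $_.InstalledOn } |
        ForEach-Object { [datetime]$_.InstalledOn } |
        Sort-Object |
        Select-Object -Last 1
}

function Test-Tcp445Listening {
    # Get-NetTCPConnection exists on Windows 8 / Server 2012 and later.
    if (-not (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue)) {
        return $null   # unknown on older systems
    }
    return [bool](Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
}

# Assumption: a host with no update installed since the MS17-010 release date
# cannot have the fix; a later date is necessary but not sufficient.
$ms17010Released = [datetime]'2017-03-14'
$latest = Get-LatestHotfixDate

[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    Smb1ServerEnabled     = Get-Smb1ServerState
    ListeningOnTcp445     = Test-Tcp445Listening
    LatestHotfixInstalled = $latest
    UpdatedSinceMs17010   = [bool]($latest -and $latest -ge $ms17010Released)
}
```

A clean result here does not rule out infection: as the update above notes, patched machines on enterprise networks were also being infected through Windows administration tools.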

Please report any “petya” ransomware incidents to the , our cybersecurity squad will help you with the solution.

Best regards

Naveen Dham

Chief Executive Officer

(B-Tech & MSc in Cyber Forensics & Information Security)
(LA /LI -ISO27001,PCI DSS, ISO9001 & ISO 20000)

Global IS Consulting Team                                                                                                            
