
The Complete Guide to Petya and NotPetya Ransomware

What are Petya and NotPetya?

NotPetya and Petya are two different types of ransomware that are currently affecting the world. The NotPetya ransomware is spreading through email attachments, while the Petya ransomware locks affected computers and displays a message asking the victim to pay a fee to unlock the computer.

Petya: Petya is a type of malware that spreads through emails. It is designed to spread quickly, and it can lock the victims' files in a binary format. Once a computer is infected, the malware cannot be removed, and the victim will not be able to recover the data from the infected computer. The Petya malware was started in March 2016. The malware was attached to an email purporting to be a job applicant's resume. It consisted of two files: one was an image of the applicant, and the other was an executable file. Once that file was opened, the malware ran on the Windows machine.

History

Though first discovered in 2016, Petya began making news in 2017 when a new variant was used in a massive cyberattack against Ukrainian targets. It quickly spread worldwide, crippling businesses and causing more than $10 billion in damages.

The new variant, also dubbed "NotPetya" because of key differences from the original, spread using an exploit known as EternalBlue. The exploit was developed by, and later stolen from, the U.S. National Security Agency (NSA). Once on a compromised system, EternalBlue exploits a flaw in Windows networking protocols to silently spread across networks. NotPetya was initially narrowly targeted, but it quickly grew into a wider threat. Despite displaying the usual signs of a ransomware attack, such as a ransom demand, it was not designed to actually collect any money. Those traits led researchers to conclude that the virus was a state-sponsored destructive attack, not an act of cybercrime.

Difference between Petya and NotPetya

The NotPetya ransomware was a sophisticated piece of malware that spread across the globe in 2017. It was able to infect systems and encrypt data. It used a variety of techniques to spread, and it is still spreading. The malware has been called "NotPetya" because it did not contain any Petya code, and it was not the work of Russian hackers.

  • NotPetya is ransomware that spreads by itself. It encrypts the victim's files, takes control of the computer and displays a ransom message. The victim has to pay a ransom to get their files back, and eventually the affected computer is rendered useless.
  • Petya, the notorious ransomware that was recently released in the form of an attachment, does not require any intervention from a human being. It can install itself and execute its malicious functions once it is opened.
  • The NotPetya ransomware attacks were the largest of their kind globally. NotPetya was more powerful than Petya and affected more than 300,000 systems in 150 countries.
  • NotPetya is malware that infected hundreds of thousands of computers in Ukraine, Russia and other countries. The malware is used to spread a ransomware called NotPetya. The virus encrypts sensitive data on the compromised computer. After the victim pays an amount of Bitcoin to decrypt the data, the virus is removed from their system, leaving them with only their encrypted documents.
  • In Petya, the message kept on the screen says that the victim is supposed to send bitcoin along with a ransom.

How to prevent Petya and NotPetya infections

We have seen that Petya and NotPetya attacks have been spreading on the internet. The main reason for this is that ransomware in general is spreading on the internet. These are not just isolated attacks; they have become a way of life.

These three steps can help make a Petya or NotPetya attack far less likely:

  • Backing up files and data: Keeping backup copies of important files does not prevent ransomware infections, but it does help an organization recover more quickly from one. In the case of an attack that wipes out files like NotPetya, this may in fact be the only way to get the files back.
  • Strengthening email security practices: Petya is a new ransomware family. It is well known for its ability to spread via email attachments. Most Petya attacks, and some NotPetya attacks, started with an infected email attachment. Malware is a serious problem for all organizations and prevents people from using their email safely. To address this, companies can use a variety of measures, such as scanning email for malware and removing spam and malicious attachments.
  • Regularly patching vulnerabilities: The EternalBlue exploit used by NotPetya had an available patch months before the attacks took place. Ransomware attacks in general often exploit software vulnerabilities to either enter a network or move laterally within it. Updating software and patching vulnerabilities can help eliminate these attack vectors.
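One way to implement the attachment-scanning measure above, written here as an added example (it is not the article's code) against the job-application lure described earlier; every address, file name and byte string is constructed for illustration. It flags attachments whose extension Windows would execute directly, and attachments whose bytes carry a PE executable header while being named or typed as an image or document:

```python
import email
from email import policy
from email.message import EmailMessage

# File extensions Windows will run directly when the user double-clicks them.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".js", ".vbs", ".ps1", ".hta", ".dll"}
PE_MAGIC = b"MZ"  # every Windows PE executable starts with this DOS header


def scan_attachments(raw_message: bytes) -> list:
    """Parse a raw RFC 5322 message and return (filename, reason) for every
    attachment that should be quarantined rather than delivered."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Judge by the real last extension, so "cv.pdf     .exe" is still .exe.
        stem = name.lower().strip()
        ext = "." + stem.rsplit(".", 1)[-1] if "." in stem else ""
        if ext in EXECUTABLE_EXTENSIONS:
            findings.append((name, "executable extension " + ext))
        elif payload.startswith(PE_MAGIC):
            # Named/typed as an image or document, but the bytes are a PE executable.
            findings.append((name, "PE header under content type " + part.get_content_type()))
    return findings


def build_sample_message() -> bytes:
    """Constructed sample mimicking the job-application lure from the article:
    a photo plus a 'CV' whose bytes are really an executable (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "applicant@example.invalid"
    msg["To"] = "hr@example.invalid"
    msg["Subject"] = "Job application"
    msg.set_content("Please find my photo and CV attached.")
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 16   # JPEG SOI marker + padding
    fake_pe = PE_MAGIC + b"\x00" * 62                 # DOS header stub, not runnable
    msg.add_attachment(jpeg_stub, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(fake_pe, maintype="application", subtype="pdf", filename="cv.pdf")
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="cv.pdf.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in scan_attachments(build_sample_message()):
        print(f"QUARANTINE {filename}: {reason}")
```

The benign photo passes, the "PDF" with an MZ header is caught by the magic-byte check, and the double-extension file is caught by the extension check, which is why both checks are needed.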

CXO's Journal

I'm a self-taught hacker, I do a little bit of everything: hacking (security), cryptography, Linux system administration, networking/routing and virtualization/hardware/software development. I'm a freelance IT Support Advisor, providing IT support to small and medium-sized enterprises (SMEs).