Petya is Here, And It’s Taking Cues from WannaCry


Just over a month after the infamous WannaCry attack, a new worldwide cyberattack is here. Its name is Petya, or Petwrap, and it has hit companies across Europe, including Ukraine’s government facilities, electric grids, banks, and public transportation, demanding a $300 ransom in Bitcoin in the process.

So how does this Petya attack work, exactly? Going after Windows servers, PCs, and laptops, this cyberattack appears to be an “updated variant” of the Petya malware virus. It uses the same SMB (Server Message Block) vulnerability that WannaCry did to spread to unpatched devices, in combination with a credential-stealing technique to spread to non-vulnerable machines as well. The attack then encrypts, among other files, your master boot file. Its messages recommend you conduct a system reboot, after which the system is inaccessible. This basically means the operating system won’t be able to locate files, and there’s no way to decrypt them.

This makes Petya a wiper, rather than ransomware as it was first believed to be. And even though Petya demands a Bitcoin payment, these cybercriminals aren’t really in this for the money. In fact, it’s more likely that this was aimed at either causing destruction or conducting a test to see how far this attack can spread, as these crooks may be preparing for a larger attack in the future.

Now, the next question is – what can people do to stay secure? Though this attack is largely targeting companies, it’s important everyone stays vigilant and takes precautionary measures. Therefore, to stay protected from Petya, follow these tips:

- Always make sure your anti-virus is up-to-date to maximize the protection available to you.

- Don’t click too quickly. This attack may be spreading through phishing or spam emails, so make sure you check an email’s content for legitimacy. Hover over a link and see if it’s going to a reliable URL. Or, if you’re unsure about an email’s content or the source it came from, do a quick search and look for other instances of this campaign, and what those instances could tell you about the email’s legitimacy.

- Do a complete backup. Back up all of your machines immediately. If a machine becomes infected with Petya, its data could be wiped entirely. Therefore, make sure you cover all your bases and have your data stored on an external hard drive or elsewhere.

- Apply system and application updates. Make sure your operating system is up-to-date to help contain the spread of malware. Petya is spreading in organizations using the same technique as WannaCry, infecting systems that did not have up-to-date OS patches.

We will update this post with breaking news.

For more information on this attack, check out the blog from our research team on Petya or the Knowledge Center. And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook.

Categories: Consumer Threat Notices

19 comments on “Petya is Here, And It’s Taking Cues from WannaCry”

  • Rogie Fuentes says:

    This is very alarming. I could not run my McAfee antivirus app and this was the message that appeared: “This app has been blocked for your protection.” and “An administrator has blocked you from running this app. For more information contact the administrator.”

    Please help me solve this problem.
  • gopakumar says:

    My phone is blocked by McAfee and is asking for a PIN. I don’t have other accounts. Now I am sending this message from my friend’s phone. Please help me to open my phone.
  • Thank you so much for both warnings about ransomware. I’m certain I’ve received at least one of these attempts at infecting my devices in that I was supposed to do something in their instructions (can’t remember exactly what it said), but at the end I was to shut down my device, then reboot. The latter step sounded suspicious, so I didn’t do anything with it. I still have this message and if it would be helpful I can forward it to you. Shall I? I’ve also received at least 6-8 messages over the last couple of months asking that I verify various aspects of either my device or email service. Every one of these messages comes from senders with a .edu address. Are these related to Petya or WannaCry scams?
  • Cathy eckard says:

    They have already locked up my PC. How can we get it unlocked? They are wanting 150.00 to unlock it.
  • Ginger Winowich says:

    Is this attack affecting Apple products as well as PCs? This notification is greatly appreciated.

    • The current variant of Petya does not affect Mac products or mobile devices. It is targeted only at Windows systems.
  • Michael Nathan says:

    A thank you for this warning. Unfortunately I am really technically ignorant, and too old to try to catch up with the advances in technology. I would appreciate your advice on which of your products would give me adequate cover and peace of mind. I have an Apple iPhone, iPad and Mac, as does my wife (we share the Mac). I look forward to your reply and recommendation.

    I do not understand your comment “duplicate” etc. after each submit stage.

    • The current variant of Petya does not affect Mac products or mobile devices. It is targeted only at Windows systems.
