
Petya ransomware attack picks up where WannaCry left off

(Image credit: Shutterstock/Carlos Amarillo)

In the wake of last month's WannaCry attack, a new strain of ransomware has swept the world and infected at least 80 large companies.

The latest ransomware attack, which is being referred to as PetyaWrap by some researchers, utilised two advanced exploits to spread across computer networks worldwide.  Just as WannaCry did, this new attack makes use of the EternalBlue exploit that was developed by the National Security Agency and later stolen. Kaspersky Lab has also revealed that Petya made use of another NSA exploit called EternalRomance to help it gain access to users' systems. 

Microsoft had previously patched both exploits, but this new strain of ransomware also used the Mimikatz hacking tool to extract passwords from other computers on the same network. Petya would then use these credentials, together with Microsoft's own Windows Management Instrumentation, to infect other machines on the network that were not vulnerable to either of the exploits.

Once the malware has infected a system, it waits 10 to 60 seconds before rebooting and displaying a page informing the user that their files have been encrypted and can be unlocked by paying $300 in Bitcoin. 

The Petya ransomware began its attack on Tuesday in Ukraine and Russia and quickly spread to Poland, Italy, Spain, France, India and the US.  

So far the attack has earned its creators $6,000 in Bitcoin payments from affected users. This number could easily increase, though, as more systems become infected and continue to spread the malware.

However, a vaccine of sorts has been discovered that can prevent Petya from doing any more damage to your system.


Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.