Skip to main content

Petya ransomware attack picks up where WannaCry left off

(Image credit: Image source: Shutterstock/Carlos Amarillo)

Following the wake of last month's WannaCry (opens in new tab) attack, a new strain of ransomware has swept the world and infected at least 80 large companies. 

The latest ransomware attack, which is being referred to as PetyaWrap by some researchers, utilised two advanced exploits to spread across computer networks worldwide.  Just as WannaCry did, this new attack makes use of the EternalBlue exploit that was developed by the National Security Agency and later stolen. Kaspersky Lab (opens in new tab) has also revealed that Petya made use of another NSA exploit called EternalRomance to help it gain access to users' systems. 

Microsoft had previously patched both exploits but this new strain of ransomware also used the Mimikatz hacking tool to extract passwords from other computers on the same network.  Petya would then use these credentials to infect other machines on the network that were not vulnerable to either of the exploits by using Microsfot's own Windows Management Instrumentation.    

Once the malware has infected a system, it waits 10 to 60 seconds before rebooting and displaying a page informing the user that their files have been encrypted and can be unlocked by paying $300 in Bitcoin. 

The Petya ransomware began its attack on Tuesday in Ukraine and Russia and quickly spread to Poland, Italy, Spain, France, India and the US.  

So far the attack has earned its creators $6,000 in Bitcoin payments from affected users.  This number could easily increase though, once more systems become infected and continue to spread the malware. 

However a vaccine (opens in new tab) of sorts has been discovered that can prevent Petya from doing any more damage to your system.

Image Credit: Carlos Amarillo / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.