The danger is not over yet. WannaCry is not dead, and another large-scale ransomware attack is already here, shutting down computers at corporations, power suppliers, and banks across Russia, Ukraine, Spain, France, the UK, India, the rest of Europe, and elsewhere. The ransom note uses the contact address firstname.lastname@example.org and asks for a payment of $300 in Bitcoin.
According to multiple sources, a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours last month.
The main culprit behind this attack is a new ransomware that researchers initially called Petya, because it resembled an older ransomware strain that encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer. Later, it was discovered that this is a new strain altogether, which researchers have started referring to as NotPetya or Petna.
Petya is a nasty piece of ransomware and works very differently from other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one.
Instead, Petya reboots the victim’s computer, encrypts the hard drive’s master file table (MFT), and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.
Petya ransomware replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
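As an added example (not from the original article): a check an analyst could run on the first sector of a disk read from a LiveCD or an offline image, comparing its bootstrap code and partition table with a known-good copy to see whether the MBR has been replaced. The function names and the sample sectors are constructed for illustration; the offsets are the standard MBR layout.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440        # bootstrap code; bytes 440-445 hold the disk signature
PART_TABLE_OFF = 446       # four 16-byte partition entries follow
ENTRY_FMT = "<B3xB3xII"    # status, (CHS), type, (CHS), start LBA, sector count


def parse_mbr(sector: bytes) -> dict:
    """Parse a 512-byte MBR sector read from an offline disk image."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, off)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """Return findings for the current sector against a known-good copy."""
    base, cur = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not cur["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def build_sample(boot_code: bytes) -> bytes:
    """Constructed sector: the given boot code plus one bootable NTFS (0x07) partition."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(PART_TABLE_OFF, b"\x00") + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    known_good = build_sample(b"\xfa\x33\xc0" + b"GOOD-LOADER")    # constructed bytes
    rewritten = build_sample(b"\xfa\x66\x31" + b"OTHER-LOADER")    # constructed bytes
    print(compare_to_baseline(known_good, rewritten))
```

The baseline sector has to come from a backup or image taken while the machine was known to be clean; a changed bootstrap hash alone does not identify which code replaced it.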
Below is some useful information about the ransomware.
A researcher found that Petya encrypts the system after rebooting the computer. So, if your system is infected with Petya ransomware and it tries to restart, do not power it back on.
“If machine reboots and you see this message, power off right away! This is the encryption manner. If you do not power on, documents are fine.” “Use a LiveCD or external machine to recover files”
To safeguard against any ransomware infection, you should always be suspicious of unsolicited files and documents sent by email, and never click on links inside them without verifying the source.
The best protection against this kind of attack is to avoid outdated and pirated software, which does not get any security updates, and to keep secure, regular backups.
Also make sure that you run a good and effective anti-virus security suite on your system, and keep it up to date. Most importantly, always browse the Internet safely.
|Email address associated with infections:|
|Targeted file extensions:|
|Ransom note name:|
|Ransom note text:|
|Send your Bitcoin wallet ID and personal installation key to e-mail|
Ooops, your important files are encrypted.
If you see this text, then your files are no longer accessible, because
they have been encrypted. Perhaps you are busy looking for a way to recover
your files, but don’t waste your time. Nobody can recover your files without
our decryption service.
We guarantee that you can recover all your files safely and easily.
All you need to do is submit the payment and purchase the decryption key.
Please follow the instructions:
Send $300 worth of Bitcoin to following address:
Does not encrypt files in this folder: