The Danger is not over yet, the WannaCry ransomware is not dead yet and another large-scale ransomware attack is here, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, UK, India, and Europe and others. This ransom uses the contact details of email@example.com and asks for a payment of $300 in Bitcoin.
According to multiple sources, a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly with the help of same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours last month.
The main culprit behind this attack is a new ransomware that researchers initially called Petya, because it resembled an older ransomware strain that encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer. Later, it was discovered this is a new strain altogether, which researchers have started referring to as NotPetya or Petna.
Petya is a nasty piece of ransomware and works very differently from any other ransomware malware. Unlike other traditional ransomware, Petya does not encrypt files on a targeted system one by one.
Instead, Petya reboots victim’s computers and encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.
Petya ransomware replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
Below is some useful information about the Ransomware
Researcher finds Petya ransomware encrypt system after rebooting the computer. So, in case your system is infected with Petya ransomware and it tries to restart, just do not power it back on.
“If machine reboots and you see this message, power off right away! this is the encryption manner. if you do now not power on, documents are fine.” “Use a LiveCD or external machine to recover files”
To safeguard against any ransomware infection, you should constantly be suspicious of unwanted files and documents sent over an email and should never click on links inside them unless verifying the source.
Best protection from these kind of attacks is not using outdated and pirated software as they do not get any security updates and having secure & regular backups.
And make sure that you run a good and effective anti-virus security suite on your system, and keep it up-to-date. Most importantly, always browse the Internet safely.
|Email address associated with infections:|
|Targeted file extensions:|
|Ransom note name:|
|Ransom note text:|
Send your Bitcoin wallet ID and personal installation key to e-mail
Please follow the instructions:
Best protection from these types of the attacks is to safeguard your data with an efficient and secure Backup. Let us help you with this, click on buttons below to get started.