The Latest Petya Ransomware: Like WannaCry or Worse?

Petya Ransomware

Petya Ransomware is the latest in the realm of ransomware attacks. According to recent reports, it is believed to be more dangerous than the WannaCry ransomware as it comes with much stronger encryption. Unlike WannaCry, Petya doesn’t just encrypt data for a ransom. It hijacks and renders computers entirely inaccessible with the encryption of  their Master Boot Record (MBR).

The initial Petya ransomware released in March 2016. However, a new Petya variant released in June 2017, has so far affected organizations in over 65 countries across the world.  In fact, the new Petya variant is not exactly ransomware. Instead, it’s wiper malware disguised as ransomware to destroy data and corrupt systems.

 

Similarities:

WannaCry and the recent Petya ransomware variant both targeted only systems running the Windows OS. In addition, they both took advantage of an Server Message Block vulnerability to rapidly take ove a network, using EternalBlue exploit. The use of this exploit provided both types of malware with worm capabilities, helping attackers maximize the damage.

 

Differences:

It should be noted though, the WannaCry and this Petya variant have more differences than similarities, the Petya variant was far more destructive.

 

 

 

 

It is evident that though a bit similar, these ransomwares had very different intents. The intent of WannaCry was purely financial gain. Victims were made to lose data if they did not have recent backups and were not willing to pay the ransom.

In the case of this Petya variant, the intention was to cause wide scale system destruction and disrupt operations in organizations. The corruption of the MBR and MFT made it very difficult to recover data on infected systems.

 

Exit mobile version