The original variant of Petya also required admin permissions that many experienced users didn’t share. ![]() For one, it tried to trick users into opening it, and many modern computer users can identify social engineering techniques like phishing attacks. Petya didn’t spread nearly as rapidly as NotPetya for a few reasons. Although both Petya and NotPetya can help a cybercriminal launch a ransomware attack, some critical differences exist. Cybersecurity experts named it "NotPetya," and the name stuck. NotPetya was a souped-up version of Petya. What is the difference between Petya and NotPetya? Petya would demand Bitcoin from victims to restore access. While the files on a computer infected by Petya weren’t encrypted, corrupted, or lost, they were inaccessible. After rebooting a target’s computer like a boot sector virus, it would overwrite the Master Boot Record (MBR) to encrypt the hard drive. As soon as someone activated Petya and gave it admin access, the ransomware would go to work. ![]() The ransomware spread through phishing emails carrying a PDF functioning as a Trojan horse. While Petya’s penetration rate was average, its encryption technique was innovative and unusual. Its name is inspired by a fictional Soviet satellite from the James Bond film GoldenEye (1995). Petya is an encrypting malware that researchers found in 2016. It primarily hit organizations in Ukraine. Unlike Petya, NotPetya may have been a cyberweapon. Another variant of Petya was more dangerous, though, infecting boot records and encrypting documents.Ī significantly modified version of Petya, dubbed by researchers as NotPetya, was more destructive and prolific than old Petya versions. ![]() Petya’s first variant encrypted master boot records to render entire hard drives inaccessible instead of encrypting specific files like typical ransomware. An external, USB-based hard drive docking station can be used.Petya and NotPetya hit computers in 20, respectively, the latter resulting in billions of dollars in damages. However, because the infected computer can no longer boot into Windows, using the tool requires taking out the affected hard drive and connecting it to a different computer where the tool can run. If that sounds complicated, no worries: Fabian Wosar from security firm Emsisoft created a simple and free tool that can do it for you. Someone using the online handle leostone devised an algorithm to crack the key needed to restore the MFT and recover from a Petya infection.Ĭomputer experts from the popular tech support forum confirmed that the technique works, but it requires extracting some data from an affected hard drive: 512 bytes starting at sector 55 (0x37h) with an offset of 0 and an 8-byte nonce from sector 54 (0x36) offset 33 (0x21). Using data recovery tools to reconstruct files might be possible, but it is not guaranteed to work perfectly and would be time-consuming.įortunately, resorting to that method is no longer necessary, and neither is paying Petya's authors. The actual contents of the user's files are not encrypted, but without the MFT, the OS no longer knows where those files are located on disk.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |