A ransomware Petya is making the rounds in Europe. It has already infected multiple organization in Europe. According to some security experts, the new ransomware attack is even larger attack than last month’s devastating WannaCry. Some of the larger organizations currently known as being affected are Danish shipping giant Maersk and Russia’s largest oil producer, Rosneft.
Petya infections reports are coming from Russia, Ukraine, Denmark, Spain and across Europe at large and even the US. Ukraine seems to be the worst hit, though, with not only businesses in the country seeing their systems lock down but also important governmental organizations, like the Central Bank, state telecom, municipal metro and even the Boryspil Airport in Kiev.
[HOT] New Petya (MBR #ransomware) “loaded” with #ETERNALBLUE SMBv1 worm functionality (see ARP scan indicator): https://t.co/np2xM4309b pic.twitter.com/owd6zb7fhN
— Payload Security (@PayloadSecurity) June 27, 2017
According to Kaspersky Lab, the ransomware is called Petrwrap, which is a modified version of Petya. The technical details of Petya still unknown, however, security firms Avira and Payload Security have claimed that the ransomware uses the same EternalBlue exploit that was found in WannaCry, and which Microsoft had issued a fix for months ago. Even the defunct Windows 8, XP and Server 2003 received emergency patches.
With the current Petya ransomware, hackers are demanding $300 in Bitcoin for the decryption key. However, the ransomware scheme may not yield much money for the attackers as most users chose not to pay in that instance. Fix for Petya ransomware is currently not available.
