Petya ransomware began spreading internationally on June 27, 2017. This cyberattack targeted Windows servers, computers, and laptops. It appeared to be an updated version of the Petya malware. It used the Server Message Block vulnerability that WannaCry used to spread to unpatched devices, as well as a credential-stealing method to spread to other machines. Petya spread throughout the globe, but its June 2017 attack was most prominently focused on Ukraine.
How is the Petya virus transmitted, and how does it infect devices?
Petya exploits CVE-2017-0144, a vulnerability in Microsoft’s implementation of the Server Message Block protocol. The attack encrypts the master boot record and other files. After the attack, it sends the user a message requesting that the system be rebooted. This makes the operating system incapable of locating files, and there is no way to decrypt the files, which makes Petya a wiper rather than ransomware, which it was first believed to be.
This new variant is even more powerful than the WannaCry virus of May 2017 and has a spreading mechanism that’s similar to WannaCry. A set of critical patches was released by Microsoft on March 14 to remove the underlying vulnerability in supported versions of Windows, but many organizations may not yet have applied these patches.
How can I protect myself against Petya?
Preventive measures are the best way to protect yourself against Petya. Petya viruses are spread through spam and phishing emails. Make sure to verify the content of any email. Click on a link to verify that it is going to a trusted URL. If you have any doubts about an email’s source or content, you can do an internet search to find other examples of the campaign. These instances may give you information about the legitimacy of the email. A complete backup should be done on your device. Data could be lost if a computer is infected by the Petya virus. Backups can be made on external hard drives, in the cloud, or any other third-party storage options. Importantly, make sure to apply system and app updates as soon as they become available. Petya, along with other attacks, relies on unpatched vulnerabilities that can be exploited to break into systems.
What’s the difference between Petya and NotPetya?
Petya malware is a well-known threat. A new variant was introduced in June 2017. This variant is called NotPetya by some due to changes in the malware’s behavior. Petya and NotPetya use different encryption keys and have unique reboot styles, displays, and notes. Both are equally destructive.
History and evolution of Petya ransomware
Security researchers discovered Petya in March 2016. They noted that the malware was more effective than other active strains but it was still unique in its operation. This alerted many professionals to be on the lookout for advanced attacks. A second Petya variant was discovered in 2016 and contained an additional capability that could be used to gain administrator access to the machine.
Now, it’s June 2017. The latest Petya strain emerged and took down many organizations around the world in just hours. Security professionals have named the virus NotPetya due to its new capabilities.
What was McAfee’s reaction?
McAfee was notified of multiple attacks on June 27th. They began to analyze samples of malware and confirmed that McAfee Global Threat Intelligence (GTI) was protecting against known threats at the low setting. The company released Knowledge Base article KB89540 with initial information about the attack as well as suggested steps for preventing its impact.
McAfee has released an Extra.DAT that includes coverage for Petya. McAfee also issued an emergency DAT that included coverage for this threat. The coverage was added to subsequent DATs. The latest DAT files are available via KB89540.
We continued our analysis and customer support as we published our findings on McAfee’s Securing Tomorrow blog.
- Technical Analysis: New Variant of Petya Ransomware Spreading Like Wildfire
- McAfee Protection: How to Protect Against Petya Ransomware in a McAfee Environment
- Consumer Impact: Petya Ransomware is Here, And It’s Taking Cues from WannaCry
What McAfee products can counter this threat?
McAfee provides early protection against components of the Petya attack. This includes advanced malware behavior analysis using Real Protect Cloud, and new Dynamic Neural Network analysis techniques in McAfee Advanced Threat Defense. McAfee ATD 4.0 introduced a new detection tool that uses a multilayered back-propagation neural net (DNN), leveraging semi-supervised learning.
McAfee ATD provides adaptable, zero-day protection, whether it is in standalone mode, connected to McAfee’s endpoint, or both. Real Protect, part of the Dynamic Endpoint solution, uses machine learning and link analytics to protect against malware and provide rich insight into the Dynamic Endpoint and the McAfee ecosystem.
We will continue our analysis of Petya and provide updates on how McAfee solutions can be used to detect, protect, and correct advanced cyber threats. Review KB89540 for updates.
What should I do next?
You should be protected against Petya/NotPetya if you have taken the above proactive steps. If you have been impacted by Petya, or another type of ransomware, head to NoMoreRansom.org. Remember to never pay the ransom: Petya will not give you your files back.
It is important to be vigilant for future attacks. Sign up to McAfee Labs’ threat advisories and learn everything you can about ransomware.