New Variant Petya Ransomware Virus Attack


WannaCry ransomware is an infamous virus that affected more than 230,000 computers in 150 countries, causing chaos for critical infrastructure components and traffic grids.

A new ransomware variant, Petya (also called Petrwrap), is going global fast and began spreading internationally on Tuesday, June 27. Petya rapidly spread through both government and corporate networks, encrypting sensitive data and demanding a ransom for its return. The ransomware exploits the vulnerability in the Microsoft Windows implementation of the Server Message Block (SMB) protocol that was exploited by the recent WannaCry ransomware: new malware with the same old techniques.

It encrypts a system's master boot record (MBR) and files. This makes the disk inaccessible and prevents most users from recovering anything on it. The ransomware writes to the MBR and then sets up the system to reboot. It sets up scheduled tasks to shut down the machine at least 10 minutes past the current time.
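The scheduled shutdown described above leaves a trace that defenders can look for in process-creation logs. The following is an added detection example, not code from the original post or from the Microsoft or SANS write-ups: it flags one-time `schtasks /Create` tasks whose action is a shutdown command and reports how many minutes after creation the task fires. The log layout, host names and sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample process-creation records: "<ISO timestamp> <host> <command line>".
# The record layout and host names are assumptions made for this example.
SAMPLE_LOG = r'''
2017-06-27T11:02:10 WS-014 schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 11:46
2017-06-27T11:05:33 WS-020 schtasks /Create /SC daily /TN "Backup" /TR "C:\Tools\backup.exe" /ST 23:00
2017-06-27T23:58:00 SRV-03 schtasks.exe /create /sc ONCE /tn x /tr "shutdown -r -f" /st 00:20
2017-06-27T12:00:00 WS-031 schtasks /Query /FO LIST
'''

VALUE_SWITCHES = {"/sc", "/tn", "/tr", "/st"}  # schtasks switches that take a value

def parse_schtasks(cmdline):
    """Return {switch: value} for a schtasks /Create command line, else None."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)  # keep quoted values as one token
    if not tokens or not re.search(r"(?i)(^|\\)schtasks(\.exe)?$", tokens[0]):
        return None
    lowered = [t.lower() for t in tokens]
    if "/create" not in lowered:
        return None
    return {s: tokens[i + 1].strip('"') for i, s in enumerate(lowered[:-1]) if s in VALUE_SWITCHES}

def delay_minutes(created, start_hhmm):
    """Minutes from task creation to its /ST start time, rolling past midnight."""
    start = datetime.combine(created.date(), datetime.strptime(start_hhmm, "%H:%M").time())
    if start < created:
        start += timedelta(days=1)
    return int((start - created).total_seconds() // 60)

def find_shutdown_tasks(log_text):
    """Flag one-time scheduled tasks whose action is a shutdown/reboot command."""
    hits = []
    for line in log_text.strip().splitlines():
        stamp, host, cmdline = line.split(" ", 2)
        opts = parse_schtasks(cmdline)
        if not opts or opts.get("/sc", "").lower() != "once" or "/st" not in opts:
            continue
        action = opts.get("/tr", "")
        if re.search(r"(^|[\\/\s])shutdown(\.exe)?(\s|$)", action.lower()):
            created = datetime.fromisoformat(stamp)
            hits.append((host, delay_minutes(created, opts["/st"]), action))
    return hits

if __name__ == "__main__":
    for host, delay, action in find_shutdown_tasks(SAMPLE_LOG):
        print(f"{host}: one-time task runs '{action}' in {delay} min")
```

A hit means a reboot is already scheduled on that host, so it is a signal to isolate the machine and investigate before the task fires.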

After successfully modifying the MBR, it displays the following fake system message, which reports a supposed error in the drive and shows a fake integrity check:


After CHKDSK finished, the infected Windows host's modified MBR prevented Windows from loading. Instead, the infected host displayed a ransom message.


Preventive measures against Petya ransomware attacks:
  1. Back up important files. It is recommended that the backup data be stored on a separate device and kept offline.
  2. Block the SMB port (445/tcp) if it is not used. Disable old versions of Server Message Block such as SMBv1.
  3. Make sure the anti-virus, operating system and software have been updated with the latest patches.
  4. Make sure web links and emails are relevant and safe to visit, and that email attachments are safe to open.
  5. Separate unmodified systems from the network.


Sources:

  • Microsoft | TechNet - New ransomware, old techniques: Petya adds worm capabilities
  • SANS ISC InfoSec Forums - Checking out the new Petya variant






    8 Comments

    1. Dropping by, 10 Syawal 1438

      Come join the tag

      https://belogsjm.blogspot.my/2017/07/aidilfitri-giveaway-by-faye-and-friends.html

    2. This thing is already famous. It has attacked many organisations, even hospitals. When a hospital's system gets attacked, patients won't get treatment. Poor things, right? :)

      -missaziemah.blogspot.com
