Petya (also known as NotPetya) is ransomware for Microsoft Windows that spreads over the LAN. It has mostly infected computers in Europe, but has begun to spread into Asia. Some companies are still struggling to replace computers infected with Petya. There are two variants of Petya: the original 2016 variant and the new 2017 variant.

Similarly to WannaCry, this malware uses the EternalBlue exploit kit. As it is a .DLL file, it can be run by system processes. When run, it encrypts all files into an unreadable form. It also sets up a scheduled task to restart the computer in one hour, and slowly begins spreading across the local network. The 2016 variant instead displays a different Blue Screen of Death with a c0000350 error and then shows a fake CHKDSK screen; in reality, the files are being encrypted during that time. This phase is shorter on the 2016 variant and longer on the 2017 variant.

Friday, June 9, 2017