Yesterday, Tuesday, there was a mass malware infection on a global scale. This malware, however, is not simple ransomware like the one we saw in the recent WannaCry case; this time the problem is different and more serious.
While WannaCry very efficiently encrypted files and demanded a ransom to decrypt them and restore access, this new malware, Petya, has infected computers in many countries, including the United States, India, the United Kingdom, France and Russia, and demands a $300 ransom. Unlike its predecessor, however, the architecture of this malware is not engineered to allow any kind of recovery at all.
According to a new analysis, Petya was designed to look like the known ransomware of that name, but it does not work like one at all: it immediately erases all the files on the computers it infects. The person who brought us this news is Matt Suiche, founder of Comae Technologies.
So is Petya a programming error, or a stroke of genius? Our opinion is that Petya is a stroke of genius, albeit one from the dark side of the force. After infecting the system, the malware restarts it and then encrypts the master file table (MFT) of the computer's disk, making it unreadable and thereby locking the user out of the system.
After this, Petya applies its malevolent genius and replaces the encrypted copy of the MBR with a copy of its own malicious code, which then displays a ransom note on the screen and completely prevents the computer from booting. Not only that: in addition to infecting the victim's computer, Petya scans the local network and infects every computer on it, even those that have the latest security updates installed.
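Because the article's point is that the malware overwrites the boot sector, a practical defensive check is to record a baseline of the first 512 bytes of each disk and periodically compare the bootstrap code against it. The script below is an added example written for this article; it is not code from the article, from Petya, or from any vendor tool. It parses the classic MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), hashes the bootstrap code, and reports deviations from a stored baseline. The "known good" and "tampered" sectors are constructed inside the script so it runs offline; on a real system you would read the first sector of the physical disk with administrative rights and store the digest off-host.

```python
"""Baseline integrity check for the first sector of a disk (the MBR).

Added example for this article: not code from the article, from Petya, or
from any vendor. The sample sectors below are constructed in the script.
"""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_SIZE = 446          # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries follow
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 on a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot code, partition table and signature."""
    if len(sector) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(sector)}")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, ptype, _chs_end, lba_start, sector_count = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_SIZE]
        )
        partitions.append(
            {"status": status, "type": ptype, "lba_start": lba_start, "sectors": sector_count}
        )
    return {
        "boot_code": sector[:BOOT_CODE_SIZE],
        "partitions": partitions,
        "signature": sector[510:512],
    }


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the bootstrap code only; record this from a known-good system."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["signature"] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if hashlib.sha256(info["boot_code"]).hexdigest() != baseline_digest:
        findings.append("bootstrap code differs from recorded baseline")
    used = [p for p in info["partitions"] if p["type"] != 0]
    if not used:
        findings.append("partition table is empty")
    if not any(p["status"] == 0x80 for p in used):
        findings.append("no partition is marked active/bootable")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: given boot code, one active NTFS-type partition, valid signature."""
    boot = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")[:BOOT_CODE_SIZE]
    # status 0x80 (active), CHS fields are placeholders, type 0x07, LBA start 2048, 1,000,000 sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x21\x00", 0x07, b"\xfe\xff\xff", 2048, 1_000_000)
    table = entry + b"\x00" * (PARTITION_ENTRY_SIZE * 3)
    return boot + table + BOOT_SIGNATURE


# Constructed "known good" sector (bootstrap stub is an arbitrary placeholder)
# and a constructed tampered copy whose bootstrap code was swapped for other
# placeholder bytes. Neither is real boot code or real malware.
GOOD_MBR = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0")
BASELINE = boot_code_digest(GOOD_MBR)
TAMPERED_MBR = build_sample_mbr(b"\xeb\xfe")

if __name__ == "__main__":
    print("good sector:", check_mbr(GOOD_MBR, BASELINE) or "matches baseline")
    print("tampered sector:", check_mbr(TAMPERED_MBR, BASELINE))
```

The check deliberately hashes only the bootstrap code, not the partition table, so that legitimate repartitioning does not raise an alert while a replaced boot loader does. Disks using GPT still carry a protective MBR in sector 0, so the same comparison applies there; on a UEFI system you would additionally baseline the files on the EFI system partition.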
So far, it is estimated that about 45 victims have paid a total of $10,500 in Bitcoin, hoping to recover their locked files, which in fact no longer exist.
Kaspersky experts advise users not to pay the ransom under any circumstances, since it will not help them: they would be left without the money and without the files.
The malware is believed to have originated in Ukraine and to have spread through a malicious software update for a Ukrainian accounting package called MeDoc.
As always, the best and only solution in this case is prevention: pay attention to emails from unknown senders, unsolicited attachments and suspicious formats, and always check that the email is legitimate and not a copy sent from a similar-looking name, as so often happens in these attacks.
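The advice to check that a sender is "not a copy with a similar name" can be turned into a mechanical check at the mail gateway or in a triage script. The code below is an added example written for this article, not code from the article or from any mail product. It extracts the real address from a From header (so that a trusted address placed in the display name does not fool it), normalises common digit-for-letter substitutions, and compares the sender's domain against a constructed allowlist using edit distance. The allowlist, the confusable table and the sample headers are assumptions made for the example.

```python
"""Classify an email From header as trusted, lookalike, unknown or malformed.

Added example for this article, not code from the article or any mail tool.
The allowlist and confusable table are assumptions for illustration.
"""
import unicodedata
from email.utils import parseaddr

# Constructed allowlist of domains the organisation actually corresponds with.
TRUSTED_DOMAINS = {"example-vendor.com"}

# Common character substitutions seen in lookalike names (assumed table).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case, apply Unicode compatibility normalisation, and undo confusables."""
    d = unicodedata.normalize("NFKC", domain).strip().lower()
    for src, dst in CONFUSABLES.items():
        d = d.replace(src, dst)
    return d


def levenshtein(a: str, b: str) -> int:
    """Standard edit distance (insert, delete, substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Return the domain of the actual address, ignoring the display name."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower()


def classify_sender(from_header: str, max_distance: int = 2) -> str:
    """trusted: exact allowlisted domain; lookalike: close to one; unknown: neither."""
    domain = sender_domain(from_header)
    if not domain:
        return "malformed"
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == normalize(trusted) or levenshtein(norm, trusted) <= max_distance:
            return "lookalike"
    return "unknown"


# Constructed sample headers for demonstration.
SAMPLE_HEADERS = [
    "Vendor Billing <billing@example-vendor.com>",        # genuine
    "Vendor Billing <billing@examp1e-vendor.com>",        # digit 1 for letter l
    "Vendor Billing <billing@example-vendor.co>",         # dropped final letter
    '"billing@example-vendor.com" <x@unrelated-host.net>',  # trusted address only in display name
    "no address here",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(f"{classify_sender(header):9s}  {header}")
```

The display-name case is the one users most often miss: mail clients show the name, not the address, so a check has to run on what `parseaddr` returns as the address part. NFKC normalisation catches full-width and other compatibility forms but not Cyrillic or Greek homoglyphs; for those a dedicated confusables table (such as the Unicode consortium's) would replace the small dictionary used here.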