NCP to contest Gujarat polls sol…

  New Delhi: The Nationa…

Can Haryana's women achievers he…

  Chandigarh: Success as…

HC seeks Centre, West Bengal res…

  New Delhi: The Delhi H…

New Congress President to be ele…

  New Delhi: The Congres…

BJP announces third list of cand…

  Gandhinagar: The Bhara…

Centre should waive agricultural…

  New Delhi: Swaraj Indi…

CWC starts meet for Rahul's elev…

  New Delhi: The Congres…

Gujarat polls: Gohil, Modhwadia …

  Gandinagar: Senior Con…

Misty Monday morning in Delhi

  New Delhi: It was a mi…

BJP, government cheer Moody's ra…

  New Delhi: The ruling …

«
»
TwitterFacebookPinterestGoogle+

Petya or ‘NotPetya’, the ransomware mystery lingers

Facebooktwittergoogle_plusredditpinterestlinkedinmail

 

San Francisco/New Delhi: Initially thought as the ‘Petya’ ransomware outbreak that shut computers in several countries, cyber security researchers are now dubbing it as a new form of malware attack that doesn’t demand ransom but permanently destroys data.

“In other words, the researchers said, the payload delivered in Tuesday’s outbreak wasn’t ransomware at all. Instead, its true objective was to permanently wipe out as many hard drives as possible on infected networks,” arstechnica reported on Friday.

Researchers at Moscow-based cyber security firm Kaspersky Lab have labelled the malware a “wiper.”

Kaspersky Lab experts said the new malware is significantly different from all earlier known versions of ‘Petya’.

“And that’s why we are addressing it as a separate malware family. We’ve named it ‘ExPetr’ (or ‘NotPetya’ — unofficially),” the Kaspersky Lab blog post said.

The attack appears to be complex, involving several attack vectors.

“We can confirm that a modified ‘EternalBlue’ exploit is used for propagation, at least within corporate networks,” it read.

‘ExPetr’ (aka ‘NotPetya’) does not have that installation ID (the ‘installation key’ shown in the ‘ExPetr’ ransom note is just a random gibberish), which means that the threat actor could not extract the necessary information needed for decryption.

“In short, victims could not recover their data,” the researchers added.

In the 2016 version of ‘Petya’, the ID contained crucial information for the key recovery.

“Tuesday’s malware, by contrast, was generated using pseudorandom data that was unrelated to the corresponding key,” wrote Kaspersky Lab researchers Anton Ivanov and Orkhan Mamedov.

Meanwhile, Janus Cybercrime Solutions, the author of ‘Petya’ resurfaced on Twitter, offering to help those whose files can no longer be recovered.

“The altruistic gesture, even if it does prove fruitless, is uncharacteristic of the criminal syndicate that launched an underworld enterprise by placing powerful exploits in the hands of others to deploy as they see fit,” said a Gizmodo report.

IANS

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA Image

*