Home » Hacking » Petya Ransomware Hits Ukraine, Could Be As Bad As WannaCry

Petya Ransomware Hits Ukraine, Could Be As Bad As WannaCry

After the damage caused by WannaCry Ransomware last month, a new ransomware has hit Ukraine and is spreading worldwide. Ukraine’s national bank, state power company and largest airport have been hit by the ransomware. This latest worm is named Petrwrap ransomware, and is a variant of the Petya ransomware.

Petya Ransomware

Petya Ransomware Hits Ukraine, Spreading Worldwide

Petya ransomware has hit Ukraine pretty hard. The deputy Prime Minister of Ukraine Rozenko Pavlo, sent out a tweet saying that he and other members of the Ukrainian government are unable to access their computers.

Ukraine’s central bank, the local metro, and Kiev’s Boryspil Airport have all been hit by the ransomware. Other affected agencies include the Ukraine’s power distributor Ukrenergo, aircraft manufacturer Antonov, and two postal services.

Petya Ransomware

Once infected Petya asks you to send $300 worth of Bitcoin to an address, and then email the bitcoin wallet and personal ID to a Posteo email address. At the time of writing this article, the attackers have already received seven payments.

As per a security researcher Petya was compiled on June 18th 2017.

As per reports, Petya Ransomware has hit companies in Russia, Denmark and Spain. Russian oil producer Rosneft, Danish shipping company Maersk, Spanish food giant Mondelez have all been affected by Petya.

How Petya Ransomware Works

Petya Ransomware is kinda dangerous, it does not encrypt files one by one. Instead it reboots affected computers, encrypts the hard drive’s master file table (MFT) thereby rendering the master boot record (MBR) inoperable.

In short, Petya takes over the hard disk’s master boot record (MBR) with its own malicious code, preventing the computer from booting normally and instead displaying the ransom note.

How Bad is Petya Ransomware

Going by initial reports similarities to WannaCry ransomware have been found. In fact Petya has the capability to be as bad as WannaCry ransomware.

Petya Ransomware

The Chronobyl Nuclear Plant has switched to manual radiation monitiring because of the cyber attack.


How to Protect Against Petya Ransomware

Follow below steps to protect yourself against Petya Ransomware : –

  • apply Microsoft’s patches against EternalBlue (MS17-010)
  • disable SMB
  • disable WMIC (Windows Management Instrumentation Command-line).