Petya Ransomware Recap

Malware, Ransomware
Twitter, news media, and malware researchers have been busy for the past 30 hours with news that a ransomware variant identified as Petya (NotPetya) was leveraging ETERNALBLUE to spread, similar to how WannaCry ransomware spread back in May 2017. While variants of Petya have been seen going back a few months, including code similarities shared with the Petrwrap and GoldenEye/Mischa ransomware strains, this quickly spreading variant used a different attack than WannaCry: it didn't just attack files based on their extension, but rather attacked the Master File Table (MFT) of the infected system. Petya works by rebooting the system after it has infected it, then encrypting the MFT and overwriting the Master Boot Record (MBR), causing a static ransom message to be displayed against a black backdrop starting…