{"id":1975,"date":"2024-06-20T04:19:00","date_gmt":"2024-06-19T22:49:00","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=1975"},"modified":"2025-02-06T10:27:50","modified_gmt":"2025-02-06T04:57:50","slug":"petya-ransomware-latest-rival-uncovered","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/computer-safety\/petya-ransomware-latest-rival-uncovered\/","title":{"rendered":"Petya Ransomware \u2013 The latest rival Uncovered"},"content":{"rendered":"

The IT world is doomed with yet another strain of ransomware<\/strong> \u2013 Petya gushing out to knock down businesses with a loud uproar in UK, France, Europe, India and Ukraine Europe. The IT security experts are to have an extra pair of eyes to work on commendable security measures to stay ahead of such new threat variants.<\/p>\n

\"Antivirus<\/p>\n

What is Petya Ransomware<\/strong><\/p>\n

Petya ransomware is a piece of another influx of cyberattacks<\/strong> that has hit PC servers the whole way across Europe, encrypting the PC information and devastating business services in the corporate segment. Ukraine and Russia<\/b> have experienced the worst infections.<\/b><\/strong>\u00a0However the assault has likewise affected a few organizations in the US and other Western European nations. So what precisely is the Petya ransomware assault, and how can it influence a PC?\u00a0Moreover, what precisely can you do to secure yourself or your organization against ransomwares<\/a>?<\/span><\/p>\n

As of today, there were more reports about another flood <\/span><\/strong>of ransomware attacks<\/strong><\/a> (alluded in the media by a few names, including Petya, Petrwrap, NotPetya and exPetr) spreading far and wide. It fundamentally focused on organizations in Ukraine, Russia and Western Europe. On the off chance that you were one of the appalling casualties, this screen may look unusual.<\/span>
\n<\/strong><\/p>\n

Ransomware Petya is not quite the same as its ancestor, it doesn’t scramble records on your network. Rather, the user’s system reboots to deactivate the Master File Table (MFT)<\/strong> and the Master Boot Record (MBR)<\/strong>. The user-victim would not be able to access the system files and data while the ransomware has taken over. It exclusively has the authority to unlock the credentials only if the demanded ransom is paid on time. Petya replaces the MFT and MBR with its damaging code which shows the ransomware note. Regrettably, the victims are troubled and worried that they cannot reboot the network<\/span><\/strong>. Also it has been identified that only a few antivirus<\/strong><\/a> companies are effective enough to identify the <\/span>Petya ransomware<\/b>.<\/span>
\n<\/strong><\/p>\n

The ransomware<\/a> is equipped with tailored tools a la Mimikatz, to spread the infection through the vulnerable exploit. The ransomware<\/a> operates to extract sensitive data<\/strong> from the lsass.exe process. Once the critical information is extracted the credentials are passed on to PsExec tools so as to spread the infection throughout the network.<\/p>\n

How Petya Ransomware Managed to Infect Systems Rapidly<\/strong>?<\/p>\n

As much the same as WannaCry, Petya is exploiting SMBv1 Eternal Blue adventure – the unpatched Windows machines that are still being used as an exploit.<\/p>\n

All things considered, it is very shocking that, even in the wake of thinking about the WannaCry<\/strong> issue for an average measure of time, enormous enterprises and organizations have not yet executed appropriate safety efforts<\/strong> to safeguard against such danger.<\/p>\n

One won’t be astounded that notwithstanding all that noise encompassing Windows vulnerability that made WannaCry a taint infection, majority of the organizations still neglect to gain from the past, and stands defenseless against such digital assaults.<\/p>\n

“Petya ransomware has been found successful in spreading the infection as it consolidates both a customer side assault (CVE-2017-0199) and a network-based infection (MS17-010),” tweeted by a security scientist recently.<\/p>\n

Precautionary Measures<\/strong><\/p>\n

1. Take caution in identifying suspicious files<\/strong> that you get through anonymous emails. Click on the links only if the source is found genuine.<\/p>\n

2. Install the best Internet security<\/strong> suite that is feature-full with next-gen techniques and solutions accommodating a robust antivirus software<\/a>, firewall<\/a> and endpoint security solutions<\/a>.<\/p>\n

\"comodo<\/a><\/p>\n

\"comodo<\/a>