Petya 2.0 Ransomware Is Dangerous, Terrifying and Effective

  • By: Garry Feldman
  • Date: July 10, 2017

Businesses should consider the latest round of “Petya” malware attacks a serious threat. This type of ransomware, referred to by some as “Petya 2.0,” “NotPetya,” “GoldenEye,” “PetyaWrap” and other names, can completely obliterate all of your data stored and shared across your network system.

It can also proliferate without human help thanks to a range of infiltration mechanisms. Petya 2.0 can directly instruct network-connected computers to install infected files, and it can even hunt around in system data for stored password information to gain administrator-level control.

In short, Petya 2.0 is not to be trifled with. Once it has infected your system, controlling it is extremely difficult. The best measure is prevention with the aid of an experienced Stamford, CT cybersecurity firm.

Why Petya Is Scarier Than WannaCry

After the WannaCry cyber attacks faded from the news, many businesses incorrectly thought that the worst was over. Instead, a new type of malware emerged in its wake with even more concerning capabilities.

For one, this new malware copies traits from an earlier wave of ransomware attacks in 2016 attributed to a “Petya” file. Unlike WannaCry, Petya 2.0 does not just encrypt the local files available on each computer workstation. Instead, it can encrypt the hard drive down to the sector level, preventing access even if an infected hard drive is connected to another computer.

Petya 2.0 also goes beyond the EternalBlue method of infiltration by adding two new methods of spreading to its repertoire. It can use Microsoft’s “PsExec” execution tool to remotely access workstations and perform commands within them. Through this route, the malware can copy itself manually onto other systems. Petya 2.0 needs administrator privileges to execute these actions, making access management and auditing a critical component of any cybersecurity plan.

By looking around in available system memory, Petya 2.0 can sometimes identify passwords for top-tier accounts and use them to boost access privileges. It can then run PsExec and spread from computer to computer.
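
As an added example (not from the original post or from any vendor tool), the kind of audit this calls for can be sketched as a check over Windows "service installed" events (System log, event ID 7045): it looks for PsExec's default service name, PSEXESVC, and flags any account that installs it on several hosts within minutes. The flattened field names, hosts, accounts and timestamps below are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "service installed" events (System log, ID 7045),
# flattened to dicts. Field names are assumptions about the export format.
EVENTS = [
    {"time": "2024-01-15T10:00:05", "host": "WS-01", "event_id": 7045,
     "service": "PSEXESVC", "installed_by": "CORP\\adm-backup"},
    {"time": "2024-01-15T10:00:40", "host": "WS-02", "event_id": 7045,
     "service": "PSEXESVC", "installed_by": "CORP\\adm-backup"},
    {"time": "2024-01-15T10:01:10", "host": "WS-03", "event_id": 7045,
     "service": "PSEXESVC", "installed_by": "corp\\ADM-backup"},
    {"time": "2024-01-15T10:02:30", "host": "ws-04", "event_id": 7045,
     "service": "psexesvc", "installed_by": "CORP\\adm-backup"},
    # One-off helpdesk use, hours apart: expected admin activity.
    {"time": "2024-01-15T09:00:00", "host": "WS-09", "event_id": 7045,
     "service": "PSEXESVC", "installed_by": "CORP\\helpdesk1"},
    {"time": "2024-01-15T15:00:00", "host": "WS-10", "event_id": 7045,
     "service": "PSEXESVC", "installed_by": "CORP\\helpdesk1"},
    # Unrelated service install: ignored by the check.
    {"time": "2024-01-15T10:01:00", "host": "WS-02", "event_id": 7045,
     "service": "PrintDriverHost", "installed_by": "CORP\\adm-backup"},
]

def psexec_bursts(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: sorted hosts} where one account installed the PsExec
    service on at least min_hosts distinct hosts inside one sliding window."""
    installs = defaultdict(list)
    for e in events:
        if e["event_id"] == 7045 and e["service"].upper() == "PSEXESVC":
            installs[e["installed_by"].lower()].append(
                (datetime.fromisoformat(e["time"]), e["host"].upper()))
    flagged = {}
    for account, rows in installs.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window until it spans no more than `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            hosts = {h for _, h in rows[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {a: sorted(h) for a, h in flagged.items()}

if __name__ == "__main__":
    print(psexec_bursts(EVENTS))
```

The threshold and window are tuning choices: set them against how your own administrators legitimately use PsExec so that routine one-off use stays below the line.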

An Untold Economic Impact

So far, Petya 2.0 has hit a few major organizations hard, and it shows no signs of relenting. The original infection has been traced to Ukraine, where a large tax software company first acquired the malware and appears to have accidentally embedded it in their software distributed to thousands of clients around the globe.

Danish shipping company Maersk, the largest container ship operator in the world, has been brought to its knees, halting thousands of cargo transfers across the globe. U.S.-based pharmaceutical company Merck, U.K. media company WPP and hundreds of others have also been affected.

Like WannaCry, Petya 2.0 claims that it will decrypt files when a ransom is paid, but reports indicate that few, if any, users have gotten their data back. Some even speculate that Petya 2.0 is incapable of tracking which users have paid, meaning no formal system is in place to decrypt files for those who submit to the ransom.

Protect Your Company From Petya 2.0 With an Immediate Audit From a Stamford, CT Cybersecurity Firm

Your organization cannot afford to wait until it is infected. Petya 2.0 spreads fast, and no single method has been proven effective for halting its spread once a network is compromised. Infected networks can only be restored through slow, meticulous work, and recovering encrypted data has not yet been proven possible.

The only solution is a comprehensive audit of your current IT infrastructure, including your company’s practices for access management, network segmentation, program blacklists and more. Get in touch with a cybersecurity firm in Stamford, CT to begin assessing your current risks and strengthening your protections against a possible Petya 2.0-related system shutdown.
