
Petya (malware)

Petya
ASCII art of a skull and crossbones is displayed as part of the payload on the original version of Petya.
Aliases: GoldenEye, NotPetya
Classification: Trojan horse
Type: Ransomware
Subtype: Cryptovirus
Operating system(s) affected: Windows

Petya is a family of encrypting ransomware that was first discovered in 2016. The malware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Variants of Petya, which propagated via infected e-mail attachments, were first seen in March 2016. In June 2017, a new variant of Petya was used for a global cyberattack, primarily targeting Ukraine. The new variant propagates via the EternalBlue exploit, which is generally believed to have been developed by the U.S. National Security Agency (NSA), and was used earlier in the year by the WannaCry ransomware. Kaspersky Lab referred to this new version as NotPetya to disambiguate it from the 2016 variants, due to these differences in operation. In addition, although it purports to be ransomware, this variant was modified so that it is unable to actually revert its own changes.

Petya was discovered in March 2016; Check Point noted that while it had achieved fewer infections than other ransomware active in early 2016, such as CryptoWall, it contained notable differences in operation that caused it to be "immediately flagged as the next step in ransomware evolution". Another variant of Petya discovered in May 2016 contained a secondary payload used if the malware cannot achieve administrator-level access.

The name Petya is a reference to the 1995 James Bond film GoldenEye, wherein Petya is one of two weapon satellites that carry a "Goldeneye" – an atomic bomb detonated in low-earth orbit to produce an electromagnetic pulse. A Twitter account that Heise suggested may have belonged to the author of the malware had an avatar with an image of GoldenEye character Boris Grishenko, a Russian hacker and antagonist in the film played by British actor Alan Cumming.


...
Wikipedia

...