NotPetya Ransomware


Last month, a virus known as NotPetya affected thousands of computers across Europe. Specifically, the virus targeted Ukrainians’ electric, government, and bank systems. These organizations fell victim to the spread because of their shared use of an accounting software package. Many articles refer to this attack as Petya, an outdated virus that the current attack resembles. As a result, the current virus is known as “NotPetya,” “Pnetyna,” or other variants of this word.

Although this attack seemed similar to the recent WannaCry ransomware, it is actually not a form of ransomware. Rather, NotPetya is a wiper disguised as ransomware. The difference is that ransomware demands money for a key that will recover your systems, while a wiper aims to destroy your systems and data. However, the two are similar in that they both affected only Windows systems and targeted the same vulnerability within the software. The attacks differed further in that the NotPetya virus wasn’t thwarted by performing software updates.

During these attacks, the virus collected administrator credentials from each machine’s memory and spread rapidly throughout each network. If admin access wasn’t available, the administrators themselves were targeted through a malicious email attachment. Once this access was achieved, attackers were able to fully control most workstations, internal systems, and storage. The leaked EternalBlue SMB exploit, which is rumored to have been stolen from the NSA, was modified during this attack. This is the same flaw that was exploited by the recent WannaCry virus, although system updates prevented many computers from being affected by this attack.

Additionally, the goals of these attacks varied. WannaCry attackers sought financial gain, while NotPetya creators wanted to take information from and disrupt the operations of the business and governmental organizations they targeted. However, in order to disguise their motives, the attackers originally did request a $300 ransom, which they said would produce a decryption key. Encryption is a popular tool designed to protect data and is used even in the business world. These types of keys can be entered to recover files which were previously encrypted, or unreadable. Some news outlets claim this recovery key is successful, but it will only restore a limited number of corrupted files.

So, what should you do if you believe your computer was targeted in the NotPetya attack? First off, if a ransom is demanded, don’t pay it! This won’t help you recover your system. Give us a call and our expert team will work to recover as many files as possible and prevent future attacks. We pride ourselves on staying ahead of attacks such as these and providing our customers with the most secure environments possible.