Creator of Petya ransomware volunteers to ‘crack’ modified malware variant

A file-less attack can avoid detection by perimeter security and destroy corporate networks.

The original creator of the Petya ransomware is now offering to help combat a modified version of the malware that shut down computers belonging to thousands of companies in more than 64 countries.

Petya was initially created to function as a potent ransomware, but it has lately been modified to attack large corporations in Ukraine.

Petya was born in March of last year as a potent ransomware that could encrypt the ‘master file table’ of a computer at a time when other ransomware variants were only able to encrypt individual files. This let it operate much faster and also made it more difficult for experts to decrypt the affected files.

Petya’s creator, who calls himself Janus on Twitter, started selling the ransomware to other hackers, and this is how it landed in the hands of those who decided to modify it for more destructive purposes.

“Some researchers suggested that the new ransomware might be either WannaCry (it’s not), or some variation of Petya ransomware. Kaspersky Lab experts concluded that the new malware is significantly different from all earlier known versions of Petya, and that’s why we are addressing it as a separate malware family. We’ve named it ExPetr (or NotPetya – unofficially),” noted researchers at Kaspersky Labs.

The researchers also discovered that, unlike standard ransomware, the new malware could not decrypt victims’ disks because it did not contain an installation ID. Such installation IDs are always present in previously known ransomware such as Petya itself, GoldenEye or Mischa. The researchers have, as a result, asked companies and individuals not to pay the ransom, as it won’t help.

“ExPetr (aka NotPetya) does not have that installation ID (the ‘installation key’ shown in the ExPetr ransom note is just a random gibberish), which means that the threat actor could not extract the necessary information needed for decryption. In short, victims could not recover their data,” the researchers added.

In a major boost to global efforts aimed at containing the new malware and finding the hackers behind it, the original creator of Petya has now surfaced and is presently inspecting the malware.

“We’re back havin a look in “notpetya” maybe it’s crackable with our privkey #petya,” said Janus.

Various experts have claimed ever since the cyber-attack took place that the new malware (NotPetya) isn’t traditional ransomware but destructive malware masquerading as one. A Ukrainian member of parliament termed the malware ‘a cyber attack with the ultimate goal of an attempt to destabilize the situation in the economy and public consciousness of Ukraine was disguised as an attempt to extort money from computer owners.’

Janus hasn’t shared any new information concerning the new malware variant so far, but researchers elsewhere have already found a brilliant method to curtail the malware’s spread: by creating a file named perfc with no extension and placing it in the C:\windows\ folder, they found that they could stop the malware from running. However, the method hasn’t helped them find the source of the attack or obtain its source code.
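The kill-switch file described above can be deployed with a short PowerShell script; this is an added example, not code from the article or the researchers it cites. It assumes an elevated prompt (writing to the Windows folder requires administrator rights), and the read-only attribute is an extra hardening step assumed here rather than something the article mentions.

```powershell
# Added example (not from the article): creates the 'perfc' kill-switch file
# described above and reports whether it is present. The read-only attribute
# is an assumed hardening step, not part of the article's description.
function Install-PerfcKillSwitch {
    param(
        # Defaults to the live Windows folder; pass a temp folder to try it safely.
        [string]$WindowsDir = $env:SystemRoot
    )
    $path = Join-Path $WindowsDir 'perfc'   # no extension, exactly as the article states

    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # An empty zero-byte file is enough; its mere existence is what matters.
        New-Item -Path $path -ItemType File -Force | Out-Null
    }

    # Assumed hardening: mark the file read-only so it is less likely to be overwritten.
    $file = Get-Item -LiteralPath $path
    if (-not $file.IsReadOnly) { $file.IsReadOnly = $true }

    # Return a small status object so the result can be checked or logged centrally.
    [pscustomobject]@{
        Path     = $file.FullName
        Exists   = Test-Path -LiteralPath $path -PathType Leaf
        ReadOnly = $file.IsReadOnly
    }
}

# Run against the real Windows folder (elevated prompt required):
Install-PerfcKillSwitch | Format-List
```

Passing `-WindowsDir $env:TEMP` lets you confirm the script's behaviour on a scratch folder before rolling it out to endpoints.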

Copyright Lyonsdown Limited 2021