The Malware Hall of Fame: Petya Ransomware

Petya ransomware started spreading on June 27, 2017, infecting many organizations and causing havoc around the globe.
What is it?

  • A“wiper” virus disguised in a ransomware. The goal of a wiper virus is solely destruction, eliminating any possibility for restoration.
  • Paying the ransom does nothing. Petya creators never had the intention of sending a decryption key.

What it does:

How was Petya created?

  • It’s back from the past. It was first detected in 2016
  • It was inspired by WannaCryInitial reports suggested that it uses the same Eternalblue exploit, targeting a flaw in Windows legacy systems. This means it can easily spread to your computer via phishing emails.
  • It wants your money. The ransom is $300, paid in Bitcoin, the same ransom as WannaCry. The group responsible for the virus asked for a “public” donation of $250,000 to release the decryption key. This is very original.

How to protect yourself:

  • Run a routine FixMeStick scan. Petya can be detected by the 3 antivirus engines powering the FixMeStick.
  • Run antivirus software while working on your device. 
  • Update your operating system, anti-virus software, and FixMeStick. Updates provide patches and newly improved protection. If you missed a Windows update, click here.
  • Backup your files. SOS Online Backup can help!
  • Don’t send unknown people money. Even if you pay the fee, there is no guarantee you will get your files back. This also opens more traceable information to your bank account.
  • Don’t open email attachments from unknown senders or strange emails. Avoid getting caught in a phishing scam!