NotPetya Ransomware Wreaking Havoc

The latest splash has been made by the Petya or NotPetya Ransomware that exploded in Ukraine and is infecting companies all over the world. It’s getting some people in deep trouble as there’s no way to recover the files once encrypted.


The malware seems to be trying to hide its intent, as it doesn’t really seem to be about making money: $300 is a pretty low amount and they set up a very poor mechanism for collecting the money (the Posteo account they used has been shut down).


At the current value of Bitcoin there’s around $10,000 USD in the wallet mentioned, but with the e-mail address down there’s no way for the victims to get in contact with the bad guys to decrypt their files.
It’s quite probably a nation state attack aimed at Ukraine, and it just happened to spread outside. It also doesn’t spread over the Internet like WannaCry but only over the local network.
It seems to be using a whole bunch of tech, including bits we’ve posted about such as Mimikatz and the NSA leak (a modified version of EternalBlue).
It’s definitely some pretty slick coding and an impressive piece of malware. But why has it been unleashed? We’re unlikely to find out, unfortunately.

