Petya (malware family)

Petya
ASCII art of a skull and crossbones is displayed as part of the payload on the original version of Petya.[1]
Type: Malware
Subtype: Cryptovirus
Classification: Ransomware
Technical details
Platform: Windows

Petya is a family of encrypting malware that was first discovered in 2016.[2] The malware targets Microsoft Windows–based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.

Variants of Petya, which propagated via infected e-mail attachments, were first seen in March 2016. In June 2017, a new variant of Petya was used for a global cyberattack, primarily targeting Ukraine. The new variant propagates via the EternalBlue exploit, which is generally believed to have been developed by the U.S. National Security Agency (NSA) and was used earlier in the year by the WannaCry ransomware. Kaspersky Lab referred to this new version as NotPetya to distinguish it from the 2016 variants because of these differences in operation. It looked like ransomware, but without a functioning recovery feature it was equivalent to a wiper. The NotPetya attacks have been blamed on the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organization, by security researchers, Google, and several governments.[2][3][4][5]

  1. Cite error: The named reference cp-petya was invoked but never defined.
  2. Greenberg, Andy (22 August 2018). "The Untold Story of NotPetya, the Most Devastating Cyberattack in History". Wired. Archived from the original on 27 August 2018. Retrieved 27 August 2018.
  3. Greenberg, Andy (21 November 2019). "Russia's 'Sandworm' Hackers Also Targeted Android Phones". Wired. ISSN 1059-1028. Archived from the original on 26 March 2020. Retrieved 26 March 2020.
  4. Kovacs, Edouard (16 February 2018). "U.S., Canada, Australia Attribute NotPetya Attack to Russia | SecurityWeek.Com". www.securityweek.com. Archived from the original on 26 March 2020. Retrieved 26 March 2020.
  5. Gidwani, Toni (26 March 2020). "Identifying vulnerabilities and protecting you from phishing". Google. Archived from the original on 26 March 2020. Retrieved 26 March 2020.