
Petya Ransomware Attack: What You Need to Know

The recent Petya ransomware attack is the latest in a long line of cyber-attacks designed to cause maximum damage to victims.

Another month, another ransomware attack. News of the spread of Petya ransomware began to circulate on Tuesday 27th June 2017, and it wasn’t long before the story was picked up by the world’s major news networks.

Although Petya is ostensibly a form of ransomware, there are a number of ways in which it varies from other forms of ransomware such as WannaCrypt. In this blog post we will explore what makes the Petya ransomware unique.

The Spread of Petya Ransomware

The Petya ransomware appears to have begun its proliferation through the software update of an accounting program utilised by companies working with the Ukrainian government. From here, the infection reached organisations including advertising firm WPP and transport firm Maersk.

Petya exploits the same Microsoft vulnerability as WannaCrypt, infecting machines throughout affected networks. And like most forms of ransomware, Petya aims to encrypt files and demand a ransom – paid in Bitcoin – before providing a key to decrypt the affected files.

What Makes Petya Different?

Petya ransomware has caused havoc at a number of prominent organisations. However, what makes Petya different is that it isn’t really ransomware at all, at least in terms of execution and (likely) motivation.

The vast majority of ransomware is distributed by cybercriminals to extort money from victims; in recent years it has been one of the most effective methods for monetising cybercrime. In order for this to work, a sophisticated system needs to be implemented by cybercriminals to collect money from victims and provide decryption keys without getting shut down.

The Petya ransomware’s payment systems, however, are not sophisticated in the least. A single email address – which was quickly taken offline by the email provider – was provided for victims to send a confirmation email and arrange payment of a $300 ransom.

This has proven totally ineffective, suggesting that the cybercriminals who instigated the Petya ransomware attack were not interested in making money. Instead, it seems that their primary motivation was causing as much chaos and damage as possible.

Protect Your Business

The Petya ransomware provides an interesting example of the changing motivations of cybercriminals. Although the methods – encrypting files and demanding a ransom – are similar to other strains of ransomware, the motivation behind the attacks seems to be entirely different.

All businesses need to be aware of the threat that ransomware attacks pose. Capital Support can help you train your users to become more security-aware, and our suite of Managed Security services delivers robust protection against ransomware and other threats. Contact us if you’d like to learn more.

Toby Shackleton