The return of Petya ransomware with all its dirty tricks
Petya ransomware's creators attempt to accuse its predecessor of cracking their system.
Investigators revealed one more Petya ransomware type last year. It now also contains improved crypto and ransomware patterns.
The authentic Petya was hacked last April, and the group behind PetrWrap developed a specific module that modifies the original ransomware version on the fly.
The on-the-fly change is intended to conceal the fact that Petya contains the malicious element, and the PetrWrap group uses its own crypto methods.
The encryption uses OpenSSL library elements rather than the mbedtls library used by Petya.
Moreover, PetrWrap changes the Petya ransomware so that its creators cannot get access to their malware.
Specialists claim that the PetrWrap gang’s activity is an indicator of growing rivalry among players in the ransomware sphere.
The newly made PetrWrap uses Petya ransomware to encrypt its victims’ data. PetrWrap’s developers created a specific module that changes the authentic malware “on the fly,” so Petya’s creators have no chance to control it.
It’s a striking example of the ransomware-as-a-service pattern, whose creators offer ransomware “on demand” to spread its use in return for a part of the profit. Nevertheless, PetrWrap’s inventors managed to avoid paying Petya’s developers by circumventing the protection techniques put in place by Petya’s creators.
Petya contains a strong cryptographic algorithm. The people behind PetrWrap have their own encryption keys to decrypt victims’ devices, so they do not need a key from Petya.
Security software with behavior-based detection is a great solution for securing your computer against ransomware attacks.
It is also necessary to create backup copies of data, to assess the security of control networks, and to train staff, in particular operating and technical personnel, on the latest attacks.