Petya Ransomware Attack: What You Need to Know

The latest cyber-attack, going by the name Petya, made its debut nearly two days ago, on June 27. Known to be a ransomware attack that encrypts stolen data until a fee is paid in Bitcoin, Petya has infected thousands of targets across Ukraine, Russia, India, and the U.S.

The ransomware uses the same EternalBlue exploit against Microsoft Windows that made the WannaCry attack so viral back in May. WannaCry spread to hundreds of thousands of Windows computers, and it seems that many Windows users still have not updated their systems with the patch. But whereas WannaCry spread like wildfire, Petya is spreading at a much slower rate. However, the new ransomware makes up for it with an updated design. One of WannaCry’s spectacular errors was its built-in kill switch, but researchers have yet to find one in Petya.

To avoid confusion with a similar ransomware strain from 2016, many are calling the virus NotPetya or GoldenEye. Whatever name you call it, according to Russian security firm Group-IB the ransomware seems to use LSADump, which gathers passwords and data from Windows computers and attacks other machines on a shared network.

Researchers believe the virus was seeded through a software update mechanism in MeDoc, an accounting program used by companies that work with the Ukrainian government. This is probably why Ukraine has been hit the hardest, especially its government, local banks, and big companies.

And while companies all over the world scramble to pay the $300 ransom, recent analysis shows that the ransomware might actually be destructive cyber malware. Researchers noted two oddities in Petya that don’t usually occur with other ransomware: the ransom message urges victims to communicate via email instead of Tor, and it lists only one Bitcoin address instead of an individual one for each victim. Both of these unusual elements are causing researchers to speculate that the stolen data is not encrypted but rather has been destroyed.

Even if this isn’t true, the email address that victims were supposed to use to communicate was suspended, so there’s hardly any hope of retrieving those lost files even if victims pay the ransom.

The good news is that researchers found a way to stop the virus. Once a machine is infected, the ransomware waits about an hour before rebooting. Turning off the machine while it is rebooting will prevent files from being encrypted.

If you haven’t updated your Microsoft Windows system with the patch, now is the time.

About the Author

Sarit is an experienced internet security writer who believes everyone has the right to online privacy.
