Is the Petya Ransomware, a Ransomware?

As the effects of Wannacry ransomware slowly died down, after Microsoft provided patches to prevent the ransomware from exploiting the loophole “EternalBlue” that was developed by NSA, a new ransomware, has done some big damages. It has been given the names “Petya”, “NotPetya” and also “Goldeneye”.

It has infected over 80 countries and almost a hundred companies. But what’s odd is that researchers now think that the Petya is not a ransomware but a malware intended to look like a ransomware. After the malware infects the device, it reboots the system within 10 seconds to a minute and then informs the user that they need to pay $300 in bitcoins as their files have been encrypted and shall be deleted if the payment is not made.

What Is the Petya Ransomware

After originating in Ukraine on Tuesday, the ransomware quickly spread to Italy, Spain, France, India, Poland and the US. While more than 30 victims have paid the said amount, researchers suggest that the original motive of those behind this is not ransom but destruction.

It is still not known who is/were behind the attacks; but in a world where quite a lot of our information is digital, it sure raises concerns as to how secure our information is, even as big companies like Microsoft can not fully protect their data from getting leaked like Windows 10 source codes and beta builds.

While experts at Kaspersky Lab analysed the malware, they now believe that the malware just pretended to be a ransomware in order to fool people into sending them money. The experts found that the decryption route in the Petya malware did not allow the attackers to decrypt the encrypted files, as opposed to what is usually the case in most ransomware attacks.

The researchers also pointed out that the attackers used a single Bitcoin wallet to accept the payments. This prevented them from getting a large sum of money; yet another proof that this malware was aimed at creating panic and havoc. The attackers reportedly used a German email hosting platform called Posteo to accept payments. Victims of the aforementioned Petya malware were asked by the message shown in the infected devices to email the hackers a long string of characters after making the payment, following which their data would be decrypted.

But as the email account was quickly shut down, the hackers’ email was no longer working. While the usual suspects are criminal groups and state sponsored attacks, there still is no concrete information about the attackers.

This post was written by Adhip Ray