Petya - the latest ransomware attack spreading around the world

Now it has been termed as a wiper.
Source: http://indianexpress.com/article/te...r-not-ransomware-and-much-much-worse-4727038/

Researchers have compared the code of the 2016 and 2017 versions of Petya, and concluded the latest version is a wiper. This was first reported by Matt Suiche, who is the founder of the cyber security firm Comae. He has put out a detailed blogpost on Medium (blog.comae.io) explaining why Petya is a wiper, not ransomware. Cyber security firm Kaspersky has also come to the same conclusion in a separate blogpost.

According to Suiche’s blogpost, this current version of Petya is deleting, wiping all the first sectors of the disk, and causes deliberate destruction of data. In his blogpost, Suiche has explained the difference between a wiper and ransomware. He writes, “a wiper would simply destroy and exclude possibilities of restoration.” With ransomware, the idea is always to get the victim to pay and then restore the data.

The researcher’s conclusion is that this attack is deliberately overwriting the data on the disk, and this is not read or saved anywhere else. He says the main difference between the 2016 and 2017 Petya is that the earlier version modified the disk in a way that it was possible to get the data back. In the new version, the damage is irreversible.

Kaspersky has also concluded this attack was a wiper pretending to be ransomware. The firm also analysed the installation ID that is flashed on a victim’s screen, which they say is just generating random data. It cannot contain information to get the decryption key, says the firm. The conclusion is the attacker can’t actually decrypt the disk. Just like Suiche, Kaspersky also believes the idea was destruction, not financial gain.
 
Not sure, but I think these crypto-currencies like bitcoin are "decentralised" meaning they cannot be blocked.
 