2017 Ransomware Petya attack and the
latest NotPetya Ransomware

Petya is a family of encrypting ransomware first discovered in 2016. The malware targets Microsoft Windows systems, infecting the master boot record to execute a payload that encrypts the file system table of the hard drive, which prevents Windows from booting.

It then demands that the user make a payment in Bitcoin in order to regain access to the system.


The 2017 malware widely believed to be responsible is a version of Petya that security researchers are calling NotPetya. It resembles Petya but is different enough to qualify as an entirely new form of ransomware, researchers say. Variants of Petya were first seen in March 2016 and propagated via infected e-mail attachments.

In June 2017, a new variant of Petya was used for a global cyberattack, primarily targeting Ukraine. The new variant propagates via the EternalBlue exploit, which is generally believed to have been developed by the U.S. National Security Agency (NSA), and was used earlier in the year by the WannaCry ransomware.

Kaspersky Lab referred to this new version as NotPetya to distinguish it from the 2016 variants, because of these differences in operation. In addition, although it purports to be ransomware, this variant was modified so that it cannot actually revert its own changes, so paying the ransom does not recover the system.
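Because Petya's payload overwrites the bootstrap code in the master boot record, one defensive control is to record a baseline of that sector while the host is known-good and compare it later. The following is an added example, not code from the original article: it parses a standard 512-byte MBR image, hashes the bootstrap area, lists partition entries and reports deviations from the baseline; the sector bytes and the baseline hash are constructed for illustration.

```python
import hashlib
import struct

# Classic 512-byte MBR layout: 446 bytes of bootstrap code, four 16-byte
# partition entries, then the two-byte 0x55AA boot signature.
BOOT_CODE_LEN = 446
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"

def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte sector into a bootstrap-code hash and partition entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * PARTITION_ENTRY_LEN
        # entry: status, 3 CHS bytes, type, 3 CHS bytes, LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return findings versus a previously recorded baseline; empty means no change."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from recorded baseline")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no partition flagged bootable")
    return findings

def make_sector(boot_code: bytes) -> bytes:
    """Constructed test data: given bootstrap bytes plus one bootable NTFS (0x07) partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + b"\x00" * 48 + BOOT_SIGNATURE
CLEAN_SECTOR = make_sector(b"ORIGINAL-BOOT-CODE")      # constructed placeholder bytes
BASELINE = parse_mbr(CLEAN_SECTOR)["boot_code_sha256"]  # recorded while the host is known-good
TAMPERED_SECTOR = make_sector(b"REPLACED-BOOT-CODE")    # constructed: bootstrap code overwritten

if __name__ == "__main__":
    print("clean:", check_mbr(CLEAN_SECTOR, BASELINE))
    print("tampered:", check_mbr(TAMPERED_SECTOR, BASELINE))
```

On a live host the sector is the first 512 bytes of the physical disk (for example \\.\PhysicalDrive0 on Windows), which needs administrator rights to read; the baseline hash should be stored off the host so the malware cannot alter it.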

Cerber Ransomware

Cerber ransomware was detected recently (August 2016) and is circulating in the wild. When a machine is infected, the victim's data files are encrypted using AES and the victim is told to pay a ransom of 1.24 bitcoins (about 500 USD) to get the files back. Unfortunately, at this point there is no known way to decrypt a victim's Cerber-encrypted files for free.

It is not currently known how the Cerber ransomware is being distributed, but it is likely being offered as a service on a closed underground Russian forum. In other words, it is probably a new Ransomware as a Service (RaaS) operation, in which affiliates sign up to distribute Cerber while the Cerber developers earn a commission from each ransom payment.

Cerber Ransomware Removal

Several software companies have released removal tools, but it appears that the Cerber developers update the encryption as soon as a new removal tool comes out.

What is Ransomware?

Ransomware is a relatively new form of malware that has drastically changed the landscape of cyber security and the practices for defending against attacks. Ransomware is ingenious in that rather than stealing information stored on a computer, the code blocks the user from accessing their own files, essentially hijacking the computer. The malware then demands a ransom, or payment, in order to unlock the computer and restore access. The process is essentially a hostage takeover of your computer, requiring you to pay a ransom to free your data and return it to working order.

The code behind ransomware is actually quite simple, which is what has allowed ransomware authors to produce so many variants of the malware so quickly. Its simple nature also allows the malware to be sent as an ordinary email attachment. Many users have unknowingly installed the malware by opening an email attachment that looks like a plain .pdf document. When a user opens the attachment, the malware runs on the computer and locks the user out of their files. The interface will usually display a message stating what has been done and how to send payment to unlock the computer.

I don’t know about you, but my inbox every day contains emails with very credible or curious headings, like “Ticket # 432AFS – Your Response is needed” or “Please confirm your court date”. Often the messages are written to either get you curious enough to open the attachments, to see what the heck this is all about – or angry enough to want to fight it: “What the heck – I didn’t get a ticket!! Let me see what this is all about and get a number so I can call them”.

The best known ransomware family is CryptoLocker, which was discovered in the fall of 2013. It is estimated that this software alone infected over 1 million Windows computers. In one recent case, the victim had to pay $10,000 USD – we believe the criminals have earned millions of dollars on payments like that.

What you see when you have been attacked by CryptoWall is something like this:

[Screenshot: CryptoWall ransom screen]

Then you have no access to ANY files on your computer.

To avoid paying this extortion ransom, remove the CryptoWall ransomware using a reliable, fully updated security program and then recover your files from an external back-up. Removal only stops the malware; it does not decrypt the files. If you don’t have a back-up you are pretty well out of luck. So far there is no software that will produce the private key needed to decrypt your files.
