NotPetya was narrowly targeted, though quickly grew into a wider threat. That behavior made NotPetya more like a “ransomworm” than a traditional virus. Unlike most malware, NotPetya infected new systems without the user doing anything. Once on a compromised system, EternalBlue exploits a flaw in Windows networking protocols to silently spread across networks. The exploit was developed by-and later stolen from-the U.S. The new variant, also dubbed “NotPetya” because of key differences with the original, spread using an exploit known as EternalBlue.
It quickly spread worldwide, crippling businesses and causing more than $10 billion in damages. There’s no guarantee the solution will continue to work indefinitely, so it’s better to not wait.įound this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.Though first discovered in 2016, Petya began making news in 2017 when a new variant was used in a massive cyberattack against Ukrainian targets.
With that being said, if you have been affected by Petya, I urge you to use Leostone’s tool as soon as possible. As soon as the security industry announces something good, malicious actors begin working on ways to manipulate it or render it useless. Such is the tradeoff in information security. In all likelihood, the author(s) of Petya have already heard about Leostone’s tool and are modifying their code to disallow the solution as we speak. This is all great news, though I doubt it will last for long. That key will decrypt the victim’s infected files once the hard drive has been once again loaded into the infected computer. All a user needs to do is load up their hard drive on an uninfected Windows computer and run Wosar’s solution.Īfter copying and pasting the information generated by the Petya Sector Extractor, victims can then use Leostone’s tool to generate a decryption key. Security researcher Fabian Wosar has developed a “ Petya Sector Extractor that can collect the specific data needed to use Leostone’s tool. This data then needs to be converted to Base64 encoding and used on the site to generate the key.” The data that needs to be extracted is 512-bytes starting at sector 55 (0x37h) with an offset of 0 and the 8 byte nonce from sector 54 (0x36) offset: 33 (0x21). “To use Leostone’s decryption tool you will need attach the Petya affected drive to another computer and extract specific data from it. Without some help, however, Leostone’s tool could be too complicated to implement for most users notes Abrams in a blog post: Lawrence Abrams, a computer security expert at Bleeping Computer, has tested the tool and reported it took only seven seconds for it to generate a decryption key. Already it has made quite a reputation for itself, especially for its ability to encrypt the Master File Table (MFT) on an infected machine.Ĭurrently, Petya demands 0.99 BTC (approximately US $418) from its victims. Petya first shoved its way onto the ransomware scene back in March. Their tool exploits a mistake made by Petya’s author in the way that the ransomware encrypts a file on a Windows machine, opening opportunities for the decryption key to be determined.
0 kommentar(er)
