Petya Is Not A Ransomware, It's A Destructive Wiper!

Just when we thought that the destruction caused by the WannaCry ransomware had stopped, another similar type of attack has been spotted in Ukrainian banks. The latest ransomware, which goes by the name Petya, is locking the computers of government offices.

The Petya ransomware is wreaking havoc across the world. Europe, the US, and India have been targeted. Security researchers have now reached a conclusion about the ongoing attack: Petya is not ransomware, it is a wiper.

Researchers have termed Petya a wiper, with the intention being mass destruction of data. They claim that the creator of Petya is not looking to collect money from victims or enterprises.

Petya has been around for the past two years. Matt Suiche, founder of the cyber security firm Comae, examined the 2016 and 2017 versions of Petya and found that the current version is a wiper. He published a lengthy blog post in which he described how Petya works.

According to Matt Suiche, the current version of Petya deletes all the first sectors of the disk, causing a planned destruction of data. Suiche also explained the difference between a wiper and ransomware. He said: “a wiper would simply destroy and exclude possibilities of restoration.”

Petya overwrites the data on the disk, and the overwritten data is not read or saved anywhere else. The actual difference between the 2016 and 2017 versions of Petya is that the 2016 version modified the disk in a way that made it possible to get the data back. The 2017 version, however, makes it impossible to get the data back.

Kaspersky, for its part, analyzed the installation ID displayed on a victim’s screen, which they say is just randomly generated data. The security firm says that the attacker can’t actually decrypt the disk after getting the ransom, since the attacker doesn’t have any decryption key.
