Petya or NotPetya, That Isn't the Question

A new strain of malware, dubbed “Petya”, has been making the rounds on the internet recently, and it has hit close to home here in Pittsburgh. Some researchers named it Petya because it resembles a previously known ransomware family of that name. Other firms, such as Kaspersky Lab, beg to differ and have named the malware “NotPetya”, since on closer analysis it differs from the original Petya in significant ways.

Regardless of the name, this malware exploits the same Windows SMBv1 vulnerability (patched by Microsoft in security bulletin MS17-010 and attacked with the leaked “EternalBlue” exploit) that the prolific WannaCry strain used in May. One major difference is that this strain appears to be destructive in nature rather than extortionist, as WannaCry was. It appears destructive (intentionally or not) because the payment mechanism for retrieving the decryption key was not carefully organized: the ransom note points every victim at a single Bitcoin wallet and a single contact email address. This leads security researchers to believe that whoever released the malware was either inexperienced or had destruction rather than payment in mind. In fact, as of this writing, the one email address displayed by the ransom note, which victims were supposed to use to send proof of payment and receive the decryption key, has been shut down by its provider. There is no longer any way for victims to contact the attacker for a key, so paying the ransom will not unlock an affected computer.

The flaw this ransomware exploits is in version 1 of Microsoft’s file-sharing protocol, SMB (Server Message Block). The fix is outlined here. Microsoft released the patch (MS17-010) in March 2017, well before both attacks occurred, which highlights the need for an effective patch management process. If you still have systems that depend on SMBv1, you likely have deeper problems in your network, as the protocol dates from the 1980s and Microsoft itself recommends disabling it. Note also that patching alone was not sufficient against this strain: once inside a network it also harvested credentials from memory and spread to fully patched machines over normal Windows administration channels (PsExec and WMI), so network segmentation, limiting where administrative credentials are used, and blocking SMB (TCP port 445) across network boundaries matter as much as the patch.
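The following PowerShell script is an added example, not code from the original article or from Schneider Downs. It checks a Windows host for the two things the paragraph above calls out: whether the SMBv1 server is still enabled and whether an MS17-010 update is present. The KB numbers listed are the ones Microsoft published in the MS17-010 bulletin for each OS family; the registry path and cmdlets are Microsoft’s documented ones. The remediation commands at the end are left commented out so the script only reports.

```powershell
# Added example (not from the original article): inventory SMBv1 and MS17-010 state
# on the local host. Run in an elevated PowerShell session. Get-SmbServerConfiguration
# exists on Windows 8 / Server 2012 and later; on Windows 7 / 2008 R2 the registry
# value checked below is the authoritative indicator.

# 1. Is the SMBv1 server component enabled?
$smbCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
$reg    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue
# An absent SMB1 value means "default", which on older builds is enabled.
$smb1Registry = if ($null -eq $reg.SMB1) { 'not set (defaults to enabled on older builds)' } else { $reg.SMB1 }
if ($smbCfg) { "SMB1 server enabled (Get-SmbServerConfiguration): $($smbCfg.EnableSMB1Protocol)" }
"SMB1 registry value (LanmanServer\Parameters\SMB1): $smb1Registry"

# 2. Is the SMBv1 optional feature installed at all? (Windows 8.1 / 10 clients;
#    on Server editions use Get-WindowsFeature FS-SMB1 instead.)
Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue |
    Select-Object FeatureName, State

# 3. Is one of the MS17-010 (March 2017) updates present?
# Later cumulative updates supersede these KBs, so a fully updated machine can report
# none of them. Treat "none found" as "verify the OS build and update history",
# not as proof of exposure.
$ms17010Kbs = @(
    'KB4012598',                            # XP / Server 2003 / Vista / Server 2008
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012606', 'KB4013198', 'KB4013429'   # Windows 10 1507 / 1511 / 1607
)
$installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    "MS17-010 update present: $($installed.HotFixID -join ', ')"
} else {
    "No MS17-010-specific KB found; check Windows Update history for a later cumulative update."
}

# 4. Remediation: disable the SMBv1 server and remove the client feature. Do this only
#    after confirming nothing on the network still depends on SMBv1 (old NAS devices,
#    printers, embedded systems). Uncomment to apply.
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

Run it across a fleet through your existing remote-execution tooling and collect the output, and pair the host-level check with a firewall rule that blocks TCP 445 between user subnets; the host check tells you who is exposed, while the segmentation limits how far a single infection can travel.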

This is what an infected machine looks like:

[Screenshot of the ransom note on an infected machine; image not reproduced in this text version.]

For more information on ransomware and tips to prevent and recover, see a previous article that we published here. To speak to someone about the Petya Virus, contact us. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
