The author of the original Petya ransomware is back.
After a long six months of silence, the author of the now infamous Petya ransomware appeared on Twitter today to help victims unlock their files encrypted by a new version of Petya, also known as NotPetya.
"We're back having a look in NotPetya," tweeted Janus, the name the Petya creator previously took for himself from a James Bond villain. "Maybe it's crackable with our privkey. Please upload the first 1MB of an infected device, that would help."
This statement from the Petya author suggests he may have held on to a master decryption key; if it works for files encrypted by the new Petya variant, victims would be able to decrypt the files locked in the recent outbreak.
Janus sold Petya as a Ransomware-as-a-Service (RaaS) to other hackers in March 2016, and like any regular ransomware, the original Petya was designed to lock a victim's computer and unlock it once a ransom was paid.
This meant anyone could launch a Petya ransomware attack with just the click of a button, encrypt a victim's system and demand a ransom to unlock it. If the victim paid, Janus got a cut of the payment. But in December, he went silent.
However, on Tuesday, computer systems of critical infrastructure and corporations in Ukraine and 64 other countries were struck by a global cyber attack similar to the WannaCry outbreak that crippled tens of thousands of systems worldwide.
Initially, a new variant of Petya ransomware, NotPetya, was blamed for infecting systems worldwide, but later, the NotPetya story took an interesting turn.
Yesterday, researchers found that NotPetya is not ransomware at all, but rather a wiper that destroys systems outright, wiping all records from the targeted machines.
NotPetya also uses the NSA's leaked Windows exploits EternalBlue and EternalRomance to spread rapidly within a network, and the WMIC and PsExec tools to remotely execute the malware on other machines.
Experts even believe the real attack has been disguised to divert the world's attention from a state-sponsored attack to a malware outbreak.
The source code for Petya has never been leaked, but some researchers are still trying hard to reverse engineer the malware to find possible solutions.
Would this Really Help Victims?
Even with Janus examining the new code, and even if his master key succeeds in decrypting a victim's master file table (MFT), it won't be of much help until researchers find a way to repair the MBR, which NotPetya wipes without keeping any copy.
Tuesday's cyber outbreak is believed to be bigger than WannaCry, causing disaster for much critical infrastructure, including bricking computers at a Ukrainian power company, several banks in Ukraine, and the country's Kyiv Boryspil International Airport.
NotPetya also caused the cancellation of surgeries at two Pittsburgh-area hospitals, hit computers at the pharmaceutical company Merck and the law firm DLA Piper, and infected computers at the Dutch shipping company A.P. Moller-Maersk, forcing it to shut down some container terminals in seaports from Los Angeles to Mumbai.
from The Hacker News http://ift.tt/2sVkUGl