Global Ransomware Attack | Petya/NotPetya | Summary and Q&A

TL;DR

NotPetya, a new form of ransomware, is spreading through local networks and encrypting victims' files, posing a serious threat.

Key Insights

• 👊 NotPetya is a ransomware attack that spreads through LAN networks, making it particularly dangerous for organizations with multiple connected devices.
• 😒 The ransomware is disguised as a dll file and uses the eternal blue exploit to infect systems.
• 🥸 NotPetya encrypts files using a chkdsk disguise, making it difficult to recover data without paying the ransom.
• 🍰 NotPetya infects other computers on the local network, causing widespread damage within a short period.
• 💌 NotPetya's email address for ransom payment has been deactivated, leaving victims with no option to pay and potentially recover their files.
• 👊 Using antivirus software is crucial to protect against ransomware attacks like NotPetya.
• 👊 Having regular backups is essential to mitigate the impact of ransomware attacks and recover data.

Transcript

another global ransomware attack and this time there is no kill switch now the threat in this case appears to be similar to Pena but Kaspersky researcher suggests that it has a lot of novelty to it so they call it not petia some people are calling it Petya whatever it is it is quite interesting so we'll take a look at it but first since this is qui... Read More

Questions & Answers

Q: How does NotPetya differ from WannaCry?

NotPetya spreads through local networks only and is disguised as a dll file, unlike WannaCry which spreads through the internet as an executable.

Q: How does NotPetya encrypt files?

NotPetya uses a chkdsk disguise to encrypt files, making restoration difficult. It reboots the system after infecting and encrypting the files.

Q: Can NotPetya infect multiple computers on the same network?

Yes, once NotPetya is on one system, it automatically searches for other computers on the same LAN and infects them.

Q: Can shutting down the computer quickly after infection protect files from encryption?

Shutting down the computer quickly after infection might save the data from being encrypted, as NotPetya activates on a system reboot.

Summary & Key Takeaways

• NotPetya, a malicious software, spreads through LAN rather than the internet, using the same eternal blue exploit as WannaCry.

• Unlike traditional ransomware, NotPetya disguises itself as a dll file and requires execution by another program.

• The ransomware encrypts files using a chkdsk disguise, making it difficult to recover data.