Key lessons from ‘Petya’ ransomware attack

While the cyber security community is still working to understand the latest ransomware attack that has reportedly hit 60 countries, there are key lessons to be learned.

Security researchers are struggling to reach consensus on whether the ransomware responsible for the latest global attacks is a new version of Petya or not, and even whether it was true ransomware, but what they have learned so far could help guide security strategies.

Those in support of retaining the Petya name point out that it behaves in essentially the same way as Petya, because it is designed to:

  • Encrypt files on disk without changing the file extension.
  • Forcibly reboot the machine upon infection.
  • Encrypt the Master Boot Record on affected machines.
  • Present a fake CHKDSK screen as a cover for the encryption process.
  • Present a near-identical ransom demand screen after completing its activities.

