Petrwrap/Petya ransomware

What is Petrwrap?

  • Petrwrap is the latest in a series of powerful ransomware attacks that deny access to a computer system and then demand money from users to regain access. Petrwrap is said to use the same EternalBlue exploit employed by WannaCry earlier this May.

How does it work?

  • Computers attacked by the Petrwrap ransomware were blocked, and users were asked to pay $300 in bitcoin to regain access.
  • “Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said.

Where did it begin?

  • Cyber intelligence firm Flashpoint said it believed the outbreak began in Ukraine, where attackers loaded the ransomware onto computers when they requested updates of a widely used accounting software program. Ukraine’s central bank and Kiev’s main airport have suffered attacks from the ransomware.

What is the impact?

  • Some 2,000 attacks were observed as of midday in New York on Tuesday, according to Kaspersky Lab. Russia and Ukraine were most affected, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States, the security software maker said.
  • But security experts said they expected the impact to be smaller than WannaCry since many computers had been patched with Windows updates in the wake of WannaCry last month to protect them against attacks.

Can it be stopped?

  • The WannaCry attack was crippled after a 22-year-old British security researcher, Marcus Hutchins, created a so-called “kill switch” that experts hailed as the decisive step in slowing the attack.
  • However, security experts said they did not believe that Petrwrap had a kill switch, meaning that it might be harder to stop.

Has it affected any company in India yet?

  • As of Wednesday, operations at India’s biggest container port in Mumbai were hit by a ransomware attack. It is not clear whether it was Petrwrap.

