
New variant of last year's Petya ransomware was detected today


March 15, 2017

Internet security researchers have discovered a new variant of 2016's Petya ransomware, now apparently with updated cryptography and a couple more ransomware variations of the original malware.

Kaspersky security technicians Anton Ivanov and Fedor Sinitsyn reported the attack, which they've named PetrWrap.

The PetrWrap malware uses the so-called PsExec tool to install ransomware on any endpoint it can access.
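A defender-side illustration of the PsExec spreading described above, added here and not taken from Kaspersky or the original article: PsExec installs a service named PSEXESVC on each target, which Windows records as System-log event 7045, so one account installing it on many hosts within minutes stands out. The record layout, host names, accounts and thresholds below are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: simplified Windows System-log event 7045 records
# ("A service was installed"). Field order, hosts and accounts are
# assumptions for this example; the last field (installed_by) is assumed
# to be resolved from the event's user SID by the log pipeline.
SAMPLE_EVENTS = [
    ("2017-03-15T09:00:05", "WS-001", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe", r"CORP\jdoe"),
    ("2017-03-15T09:01:10", "WS-002", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe", r"CORP\jdoe"),
    ("2017-03-15T09:02:40", "WS-003", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe", r"CORP\jdoe"),
    ("2017-03-15T09:03:00", "WS-003", "ExampleUpdater", r"C:\Program Files\Example\upd.exe", r"CORP\jdoe"),
    ("2017-03-15T10:00:00", "SRV-01", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe", r"CORP\admin-ops"),
    ("2017-03-15T13:30:00", "SRV-02", "PSEXESVC", r"%SystemRoot%\PSEXESVC.exe", r"CORP\admin-ops"),
]


def psexec_fanout(events, min_hosts=3, window=timedelta(minutes=10)):
    """Return {account: [hosts]} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts inside one time window."""
    installs = defaultdict(list)
    for time, host, service, image, installed_by in events:
        # Match on the default service name or on the service binary name.
        if service.upper() == "PSEXESVC" or image.upper().endswith(r"\PSEXESVC.EXE"):
            installs[installed_by].append((datetime.fromisoformat(time), host))

    flagged = {}
    for account, seen in installs.items():
        seen.sort()
        start = 0
        # Sliding window over the account's installs, ordered by time.
        for end, (when, _) in enumerate(seen):
            while when - seen[start][0] > window:
                start += 1
            hosts = {h for _, h in seen[start:end + 1]}
            if len(hosts) >= min_hosts:
                flagged.setdefault(account, set()).update(hosts)
    return {account: sorted(hosts) for account, hosts in flagged.items()}


if __name__ == "__main__":
    for account, hosts in psexec_fanout(SAMPLE_EVENTS).items():
        print(f"PsExec fan-out by {account}: {', '.join(hosts)}")
```

Routine administration with PsExec also produces these events, so the threshold and window need tuning against a baseline of normal activity.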

Rather than utilize the original Petya, which was successfully compromised in April 2016, “the group behind PetrWrap created a special module that patches the original Petya ransomware on the fly”, the Kaspersky security people asserted.

The so-called 'on-the-fly' patching is designed to hide the fact that Petya is handling the infection, and the malware uses its own crypto routines.

Overall, if the PetrWrap vxers had stuck with Petya's ransomware-as-a-service model, they would need a Petya private key to decrypt victims' data.

Their solution is to replace the ECDH implementation with their own crypto software, and their own public-private key sets.

This specific cryptography implementation uses the OpenSSL library components instead of the mbedtls library that Petya used in the past.

Once it's installed, a potential victim ends up with their NTFS partitions' master file table encrypted with a more powerful payload than in the older Petya version, and that's what people need to be on the lookout for.

However, the new malware's authors didn't write their own low-level bootloader, so they didn't make other mistakes seen in earlier versions of Petya. But we're not sure if that's a good thing either.

For its part, Kaspersky asserts that it does have a signature for PetrWrap, and we hope that other security vendors will follow soon. We'll keep you in the loop, as always.

Source: Kaspersky Labs.

Copyright © Internet Security.ca