The new ransomware strain performs targeted attacks against companies
Woburn, MA – March 14, 2017 – /BackupReview.info/ – Kaspersky Lab researchers have discovered PetrWrap, a new malware family that exploits the original Petya ransomware module, distributed through a Ransomware-as-a-Service platform, to perform targeted attacks against organizations. The PetrWrap creators made a special module that modifies the original Petya ransomware “on the fly,” leaving its authors helpless against the unauthorized use of their malware. This may be the sign of growing competitiveness on the underground ransomware market.
In May 2016, Kaspersky Lab discovered Petya ransomware that not only encrypts data stored on a computer, but also overwrites the hard disk drive’s master boot record (MBR), leaving infected computers unable to boot into the operating system. The malware is a notable example of the Ransomware-as-a-Service model, in which ransomware creators offer their malicious product ‘on demand’, spread it through multiple distributors and take a cut of the profits. To secure their share of the profit, the Petya authors inserted certain “protection mechanisms” in their malware that do not allow the unauthorized use of Petya samples. The authors of the PetrWrap Trojan, whose activity was first detected in early 2017, managed to overcome these mechanisms and found a way to use Petya without paying its authors a penny.
It is not yet clear how PetrWrap is being distributed. After infection, PetrWrap launches Petya to encrypt its victim’s data and then demands a ransom. PetrWrap authors use their own private and public encryption keys instead of those that come with “stock” versions of Petya. This means they can operate without needing a private key from the Petya operators for decryption of the victim’s machine, should the ransom be paid.
It is no coincidence that the developers of PetrWrap have chosen Petya for their malicious activities: this ransomware family now has a rather flawless cryptographic algorithm that is hard to break – the most important component of any encryption ransomware. Although mistakes in previous versions of Petya allowed security researchers to find a way to decrypt the files, its authors have since fixed almost all of them. As a result, a victim’s machine is reliably encrypted when it is attacked with the latest versions of Petya, making it an optimal malware to use. Moreover, the lock screen shown to PetrWrap victims contains no mention of Petya, making it challenging for security experts to assess the situation and quickly identify what family of ransomware has been used.
“We are now seeing that threat actors are starting to devour each other and from our perspective, this is a sign of growing competition between ransomware gangs,” said Anton Ivanov, Senior Security Researcher, Anti-Ransom, Kaspersky Lab. “Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organized they will be, and the less effective their malicious campaigns will be. The worrying thing here is the fact that PetrWrap is used in targeted attacks. This is not the first case of targeted ransomware attacks and unfortunately it is most likely not the last. We urge organizations to pay as much attention as possible to the protection of their networks from this kind of threat, because the consequences can be really disastrous,” he added.
In order to protect organizations from such attacks, Kaspersky Lab security experts advise the following:
To learn more about PetrWrap, please read the blog post available at Securelist.com
Please check NoRansom.kaspersky.com to see the tools we developed to help ransomware victims.
About Kaspersky Lab
Learn more at www.kaspersky.com
Source: Kaspersky Lab