By now, you have probably heard about the new ransomware tool called PetrWrap. News about this ransomware tool surfaced yesterday and it was reported that it had affected key government assets in Ukraine. We have seen an increase in ransomware attacks over the last 12 months and this is just the latest one.
Essentially, ransomware is malicious software that encrypts some of your files and asks you to pay a certain amount of money to have them decrypted. The malware holds your files to ransom: only those who developed it can give you the key, and in most cases you cannot decrypt the files yourself. In some cases, if you try decrypting the files without contacting the cybercriminals who developed it, you risk losing the said files completely.
So, What is PetrWrap and What Does it do?
PetrWrap is a ransomware tool built on the structure of Petya, a ransomware tool that was released not so long ago. It differs from Petya in that it tries to subvert protections that came about after the spread of Petya. This ransomware has already affected some key government institutions in Ukraine, including the Ukrainian power company, the central bank and Kiev’s main airport, according to the BBC.
Since PetrWrap is a repurposed version of Petya, it comes with a few pieces of the initial ransomware and is designed to perform the same function while avoiding protections implemented after the rise of Petya.
When PetrWrap makes its way into your system, it goes to the hard drive and encrypts its files so that you cannot access them unless you get the key that the cybercriminals responsible for this ransomware attack can give you. With that said, you will have to pay the cybercriminals, who will then give you the key. Keep in mind that this is not guaranteed: you may pay the ransom and still not get the key.
It is being reported that PetrWrap uses the EternalBlue exploit that we saw a couple of weeks ago with the WannaCry ransomware.
How it spreads
The BBC reports that the ransomware most probably spreads via an infected spreadsheet sent through email. Most ransomware attacks spread via email as this seems to be the easiest way to reach as many people as possible. This is especially so if the attackers want their ransomware to get into a company’s network. With this in mind, cybersecurity experts have advised people not to click on email attachments from people they do not know and to generally be careful when downloading any attachments sent to them via email.
PetrWrap can patch vulnerabilities in Petya that made it easy for security firms to restore the encrypted data. This is according to SecureList, which also reports that even though your antivirus may detect PetrWrap, by that time the damage will already have been done.
Since PetrWrap is already spreading, the best option for you right now is to make sure you are not affected. If you are on a company network and are not the system administrator, you may want to seek help from the administrator on how to protect yourself.
Just to be safe, a few of the recommended steps are as follows:
Update your system as soon as possible.
Make sure you have an antivirus installed and activate Windows Defender.
Do not download or click on email attachments from people you do not know.
If you are affected, you should probably not pay up, since the hackers behind this ransomware do not have the email account they need to send out the encryption keys. The email account was provided by Posteo, and the company has announced that it has shut down that particular address. This means that the hackers will not be able to send you the encryption key even if you pay.