If you are not one of the unfortunate people affected by the Petya virus, congratulations: at the moment the figures are put at more than 2,000 machines attacked and about 80 companies affected by this ransomware (a computer program that restricts access to the infected system). Most infections are concentrated on computers in Russia (30%) and in Ukraine (60%). In fact, it is believed that the attack was aimed mainly at the latter country. Here in Spain, the National Cryptological Center has confirmed that several companies have been attacked, but these are isolated cases rather than a mass infection, as happened in May with the WannaCry crisis.
The modus operandi is similar to the one used at that time: emails carrying information of interest to the user (resumes, job offers, tax information, invoices …) which, once opened, infect the computer, restart it and display a screen in red letters demanding a ransom of 300 dollars in bitcoins to recover the information.
Although many refer to it as Petya, many others say that it is a variant of it. The computer security company Kaspersky Lab describes it as a complex ransomware (they even refer to it as NotPetya) that, like WannaCry, would also take advantage of the EternalBlue vulnerability to propagate, attacking computers running the Microsoft Windows operating system. The company has stated that it is working on the problem and that it will do everything possible to find a solution and protect customers.
What differences are there with WannaCry?
EternalBlue is not the only vulnerability that the worm uses to propagate itself. Unlike the WannaCry malicious code, Petya would also use the EternalRomance vulnerability to gain control of the computer. In addition, once inside, it does not infect the files one by one; instead, it gets hold of the passwords and user names stored on the computers to help it spread through the network. This makes it easier for it to trick users and penetrate computers. Petya also goes a step further, not only encrypting the files but also affecting the operation of the computer.
Although it is unknown who is behind this massive cyberattack, it is believed to be related to the update system of a Ukrainian accounting program called M.E.Doc.
The National Cryptological Center, which reports to the National Intelligence Center, points out that, as a protective measure, it is advisable to update the computer's operating system and, in the case of companies, to restrict access from outside the company.