Petya: Is it just a ransomware or something far more dangerous?

Jordan Cueto | July 7, 2017 at 1:53 pm

Petya might be more than just your everyday ransomware attack. According to Gizmodo, NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) announced that the attack is believed to be a potential act of cyber war. At this point in time, it is clear that it uses the same exploit as WannaCry (EternalBlue and EternalRomance) that were leaked from the National Security Agency of America (NSA) by Shadow Broker. This has led to most people believing that it’s just another copycat ransomware.

However, as days go by, it became apparent that it was more than that. Experts say that there’s no one who would benefit if it is indeed a ransomware as no one is gaining profit from it considering how elaborate the attack was — it’s just a disruptive worm that locks down systems.

Matt Suiche, Microsoft MVP and founder of cybersecurity firm Comae, said that Petya was clearly written as a wiper and not a ransomware. He believes that the term “ransomware” is just being used by the attackers to mask their real motives and to control the media narrative saying that the term “ransomware” suggests “some mysterious hacker group” was behind the attack instead of a national state.

Of course, these are still speculations. However, up until this moment, Petya seems to be focusing Ukraine more than any other country. Disrupting electric supply, its central bank, telecoms, and one of its airport — all of these with no apparent goal of making money.

Suiche wrote in his blog post:

“After comparing both implementations, we noticed that the current [implementation] that massively infected multiple entities in Ukraine was in fact a wiper, which just trashed the 25 first sector blocks of the disk… ”

“Ransomware needs the ability to restore the MBR,” Suiche told CyberScoop. “A wiper makes it so that files can’t be restored… typically, ransomware will decrypt files if you pay, or restore the MBR if you pay. This doesn’t do that. It’s destructive.”


What can we do?

Petya is a statement. It boldly reminds us that the technology we have now is far more advanced than anyone could ever imagine. If a cyber attack can cripple a nation and expose it to risk, what’s stopping it from attacking the normal person and wreaking havoc across the entire globe?

Here are some basic steps that anyone can do protect themselves from Petya:

  1. Ensure the latest security updates installed and patch the system regularly. Keep the backups, Scan everything with a reliable document management system like Enadoc.
  2. Patch the EternalBlue (MS17-010) and disable the unsecured, SMBv1 file-sharing protocol on your Windows systems.
  3. Petya Kill-Switch: according to PT Security, users are advised to create file (i.e. “C:\Windows\perfc”) and set it to read-only to prevent ransomware infection.
  4. Do not reply to “Customer Service” to pay. The email is shutdown so there’s no way to get the decryption key.
  5. Always be suspicious of unwanted files and documents sent over email and never click on links inside them unless verifying the source.
  6. Ensure your antivirus guards are installed and updated. Ensure total security.


According to The Guardian, majority of antivirus companies claim that their software is now updated to protect systems against the new Petya and with cybersecurity stocks jumping in value, it’s apparent that the whole world is starting to take cybersecurity seriously.

For those already infected by Petya, Sumann Subramaniam, Enterprise Security Expert at Tech One Global, also advises the following steps:



Create a file called perfc with no extension in %windir%

  1. Open Notepad
  2. Go to “File”
  3. Select “Save As”
  4. In File name, type “perfc”
  5. Save as type: All Files
  6. Save this file in %windir% and put this in to the address bar
  7. Click Save

Of course, nothing beats an enterprise level of security for global threats like Petya. Solutions like Azure and Office 365 wield the power of the cloud to provide backups that can restore a company’s whole system straight from scratch. These solutions also wield Microsoft’s own Digital Crimes Unit (DCU) that constantly monitors and deals with the deadliest cyber threats before it reaches your business operations.

In times like these where technology now counts as a weapon for warfare, nothing beats staying updated and ahead to keep your digital life secured.

Subscribe to Tech One Global for the hottest updates on Petya and a lot more on cloud, IoT, and big data.

Share with
  • 37