Petya Ransomeware Attack : What to Do immediately
Petya/Petwrap ransomware What is Petya Ransomeware do? Ans: Ransomware, Petya does not encrypt files on a targeted system one by one. Instead, Petya reboots victims computers and encrypts the hard drive's master file table (MFT) and rendering the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot. Why it spreads fast? Ans : Petya ransomware successful in spreading because it combines both a client-side attack (CVE-2017-0199) and a network based threat (MS17-010) So patch both first! Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others Behavior: Encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that s