Many countries in Europe, the USA, and some Asian countries such as Taiwan have been affected by cyber-attacks recently. WannaCry and Petya (or NotPetya) are the malware behind these cyber-attacks. Using this ransomware, cybercriminals encrypt data on victims' computers. The WannaCry attack happened in May 2017, and the Petya variant struck the world at the end of June. WannaCry uses encryption tools to hold data hostage, but the Petya variant is a wiper disguised as ransomware. Wiper malware is designed to destroy systems and data.
Both WannaCry and Petya target Windows systems, and both include the EternalBlue exploit. Exploits of this kind give malware worm capabilities to maximize damage. Victims were told that their data had been encrypted, and a ransom in Bitcoin was demanded. WannaCry and the Petya variant have some similarities, but the Petya variant is more destructive. Many embedded product development companies, including software companies, are updating their systems to keep data safe and asking consumers to update their systems regularly.
The latest Petya variant uses the EternalRomance exploit in addition to EternalBlue, which enables remote privilege escalation on certain versions of Windows. This makes it deadlier than WannaCry. Individuals and organizations whose systems were up to date escaped WannaCry, because WannaCry depends on the EternalBlue exploit and fails if the vulnerability has been remediated early. In the case of the Petya variant, however, organizations and individuals who had applied the relevant patches were also infected. WannaCry requires a connection with the attacker's command and control server before execution.
If the connection cannot be established, WannaCry does not execute. The Petya variant has no such requirement: it can execute, spread, and encrypt without connecting out to the controller's server. Both attempted to spread using an SMB vulnerability, but the Petya variant did not need the SMB vulnerability to spread. If the SMB route failed, the Petya variant could take an alternate route, using PsExec and WMIC to gain access to the system. Product engineering services, including product architecture, product design, and product testing for software, should be carried out in a way that produces effective software with higher security before it is launched in the market.
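Defenders can look for the PsExec and WMIC fallback route described above in process-creation telemetry. The following is an added example, not code from the original article; the log lines are constructed and the pipe-separated record layout and rule names are assumptions made for illustration.

```python
import re
from ntpath import basename

# Constructed process-creation records: host|user|image|command line.
# The pipe-separated layout is an assumption for this example.
SAMPLE_LOG = r"""
WS-014|CORP\alice|C:\Windows\System32\wbem\WMIC.exe|wmic /node:"10.0.5.23" process call create "cmd.exe /c hostname"
WS-014|CORP\alice|C:\Users\alice\AppData\Local\Temp\svc.dat|svc.dat \\10.0.5.24 -accepteula -s -d cmd.exe /c hostname
WS-020|CORP\bob|C:\Windows\System32\wbem\WMIC.exe|wmic os get caption
FS-002|NT AUTHORITY\SYSTEM|C:\Windows\PSEXESVC.exe|C:\Windows\PSEXESVC.exe
WS-031|CORP\carol|C:\Tools\PsExec.exe|psexec -i cmd.exe
"""

REMOTE_TARGET = re.compile(r"(?:^|\s)\\\\[\w.\-]+")  # a \\host argument
WMIC_REMOTE = re.compile(r"/node:\S+.*\bprocess\s+call\s+create\b", re.I)
PSEXEC_FLAG = re.compile(r"(?:^|\s)-accepteula\b", re.I)


def classify(image, cmdline):
    """Return the name of the rule a process event matches, or None."""
    name = basename(image).lower()
    if name == "psexesvc.exe":
        # Service binary that PsExec installs on the receiving host.
        return "psexec-service-on-target"
    if name == "wmic.exe" and WMIC_REMOTE.search(cmdline):
        return "wmic-remote-process-create"
    # Match on arguments as well as the file name, so a renamed copy is caught.
    looks_like_psexec = name in ("psexec.exe", "psexec64.exe") or PSEXEC_FLAG.search(cmdline)
    if looks_like_psexec and REMOTE_TARGET.search(cmdline):
        return "psexec-remote-exec"
    return None


def detect(log_text):
    """Parse the log and return (host, user, rule) for each flagged event."""
    hits = []
    for line in log_text.strip().splitlines():
        host, user, image, cmdline = line.split("|", 3)
        rule = classify(image, cmdline)
        if rule:
            hits.append((host, user, rule))
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Local WMIC queries and local PsExec use are deliberately not flagged; only remote process creation and the PsExec service appearing on a host are reported.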
WannaCry encrypts data on an infected machine using RSA 2048 encryption. The attackers held the decryption keys in their control center, and if the ransom was paid they provided the decryption keys to the victims. The Petya variant, by contrast, not only encrypts the data files but also corrupts the master boot record (MBR) and master file table (MFT), and its decryption keys were generated randomly.
So even if victims paid the ransom, the attackers could not provide correct decryption keys to restore the data, because the keys were generated randomly. The two use different encryption techniques and have different intentions: WannaCry was meant to earn money, while the Petya variant was intended to disrupt the operations of several businesses and government agencies. With WannaCry, data is not lost even if no backup was taken; it can still be recovered. With the Petya variant, data cannot be recovered easily, because the corruption of the MBR and MFT makes recovery difficult.
Software companies should increase offshore software development services and use new technology to build safe and reliable software. They should build offshore offices to provide support in this kind of disruptive situation. New and updated software should be used to keep data safe.