Industrial Cybersecurity Pulse

Throwback Attack: Petya, the red skull of ransomware

  • Christina Miller
  • October 7, 2021
Courtesy: CFE Media

When people think of ransomware, they often picture a screen blinking with an ominous skull and crossbones image, indicating that something bad is happening. In fact, search for any ransomware attack, and there’s about a 50% chance that image will appear at the top of the article. There’s a good reason for this — it actually happened. The iconic image of the skull and crossbones was put to work when the Petya malware came onto the scene in 2016 and displayed the image as part of its ransomware message.

How Petya works

The Petya ransomware was created by a group calling itself Janus Cybercrime Solutions. It is believed by many that Petya wasn’t designed to make the attacker rich but instead to gain media attention. The ransomware was received via emails disguised as job applications and mainly targeted computers in Europe. As soon as the attractive message was opened by an unsuspecting user, the malware started spreading.

Petya moves quickly across an organization using a Microsoft Windows vulnerability, CVE-2017-0144, which affects the implementation of the Server Message Block (SMB) protocol. This attack encrypts the master boot record and other documents. The user then receives a message to reboot the system; once the reboot completes, the system is inaccessible.

Petya is different from many mainstream ransomware attacks that happen now, according to a Malwarebytes Labs report. It denies access to the full system by encrypting the master file table. If a user detects the Petya malware before rebooting, there is still a way to recover the infected files. However, once the reboot is complete, the screen starts blinking, and an image of a red skull appears.

Pressing a key activates a ransom note that includes a demand of $300 in Bitcoin and instructions on how to make the payment.

The evolution of Petya

The first variants of Petya were discovered in March 2016, when the malware spread through infected email attachments. Petya isn’t a single example of ransomware, but a group of related malware that led to so much more. It encompasses everything that the Petya malware evolved into. In June 2017, a new variant of Petya, which was renamed NotPetya, was used for a global cyberattack. Between 2016 and 2017, both Petya and NotPetya affected thousands of people.

The newer strain, NotPetya, had updated capabilities and operated differently, for example by spreading through the EternalBlue exploit, which gave it a broader reach and a quicker spread. The goal of the Petya ransomware is to make some quick money, while NotPetya is widely viewed as a state-sponsored Russian cyberattack cloaked as ransomware.

The NotPetya attack primarily targeted Ukraine; however, within hours of release, the malware had infected computers around the world. According to Olivia Solon and Alex Hern, journalists at The Guardian, it spread through firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.

Why does it matter?

The original version of Petya may not have had as big an impact as NotPetya, but it was the foundation that evolved into the massive cyberattack that circled the globe. Petya also developed into other lesser-known versions, such as the Petya and Mischa duo. The original Petya turned out to be just an introduction to what this type of malware could do.

The evolution of Petya to NotPetya took only a year, but now ransomware is evolving at a much faster pace. There are new threats coming onto the industrial landscape every day, and these have led to some of the bigger attacks such as Colonial Pipeline and SolarWinds, which hit national critical infrastructure in the U.S. earlier this year.


Christina Miller

Christina Miller is the assistant content editor at CFE Media and Technology.
