
Dilip Dutta

Petya / Petwrap Ransomware

What is this? Any measures to protect against it?

4 months ago

  • Knowledge Junction: Answered in 1 min

    Petya/Petwrap ransomware is yet another ransomware attack, or in layman's terms a virus attack that disables/locks your Windows computer and does not allow you to use it unless you pay a fixed sum in Bitcoin to the people who created this code.

    Affected countries: UK, Ukraine, India, the Netherlands, Spain, Denmark, and others

    Behavior:
    Encrypts MFT (Master File Tree) tables for NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.


    Actions to be taken:
    1. Block the source e-mail address
    wowsmith123456@posteo.net

    2. Block domains:
    http://mischapuk6hyrn72.onion/
    http://petya3jxfp2f7g3i.onion/
    http://petya3sen7dyko2n.onion/
    http://mischa5xyix2mrhd.onion/MZ2MMJ
    http://mischapuk6hyrn72.onion/MZ2MMJ
    http://petya3jxfp2f7g3i.onion/MZ2MMJ
    http://petya3sen7dyko2n.onion/MZ2MMJ
    http://benkow.cc/71b6a493388e7d0b40c83ce903bc6b04.bin 
    COFFEINOFFICE.XYZ
    http://french-cooking.com/

    3. Block IPs:
    95.141.115.108
    185.165.29.78
    84.200.16.242
    111.90.139.247
        
    4. Apply patches:
    Refer to (in Russian): https://habrahabr.ru/post/331762/

    5. Disable SMBv1

    6. Update Anti-Virus hashes
    a809a63bc5e31670ff117d838522dec433f74bee
    bec678164cedea578a7aff4589018fa41551c27f
    d5bf3f100e7dbcc434d7c58ebf64052329a60fc2
    aba7aa41057c8a6b184ba5776c20f7e8fc97c657
    0ff07caedad54c9b65e5873ac2d81b3126754aac
    51eafbb626103765d3aedfd098b94d0e77de1196
    078de2dc59ce59f503c63bd61f1ef8353dc7cf5f
    7ca37b86f4acc702f108449c391dd2485b5ca18c
    2bc182f04b935c7e358ed9c9e6df09ae6af47168
    1b83c00143a1bb2bf16b46c01f36d53fb66f82b5
    82920a2ad0138a2a8efc744ae5849c6dde6b435d

    myguy.xls EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
    BCA9D6.exe 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD

    This is the best update we have so far. Do write in for further clarification.
    Be safe.

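Before the indicators in the answer above can be pushed to a proxy, DNS filter, firewall or EDR, the pasted list has to be normalised: the same .onion host appears under several URLs, one hash can turn up in mixed case, file names sit beside their SHA-256 digests, and a reference link (the habrahabr.ru patch write-up) must not end up in a block list. The Python script below is an added example written for this page, not code from the question, the answer or any vendor. It parses a constructed sample made of a few indicators from the answer plus deliberately messy variants, buckets them by type, and shows how to sweep a blob against the resulting hash watchlist. The file-extension list and the sample text are assumptions for illustration.

```python
import hashlib
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample (not a full copy of the post): a few indicators from the
# answer above plus messy variants an analyst meets when pasting such a list:
# a trailing space, the same SHA-1 in upper and lower case, one .onion host
# listed under two URLs, and a "file name  hash" pair.
SAMPLE_IOC_TEXT = """\
wowsmith123456@posteo.net
http://mischapuk6hyrn72.onion/
http://mischapuk6hyrn72.onion/MZ2MMJ
http://benkow.cc/71b6a493388e7d0b40c83ce903bc6b04.bin 
COFFEINOFFICE.XYZ
http://french-cooking.com/
95.141.115.108
185.165.29.78
a809a63bc5e31670ff117d838522dec433f74bee
A809A63BC5E31670FF117D838522DEC433F74BEE
myguy.xls EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
"""

EMAIL_RE = re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$")
HEX_RE = re.compile(r"^[0-9a-f]+$")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
# Assumed list: extensions that mark a token as a sample file name rather than
# a domain ("myguy.xls" would otherwise pass the domain regex). Extend as needed.
FILE_EXTENSIONS = {"exe", "dll", "scr", "bin", "xls", "xlsx", "doc", "docx", "js"}


def classify(token):
    """Return (indicator_type, normalised_value) for one whitespace-free token.
    URLs collapse to their host, since block lists key on the host and one host
    is often listed under several paths. Unrecognised tokens come back as
    ('unknown', token) so they are reviewed rather than silently dropped."""
    tok = token.strip().strip(",;")
    if not tok:
        return None
    if "://" in tok:
        host = urlparse(tok).hostname
        return classify(host) if host else ("unknown", tok)
    if EMAIL_RE.match(tok):
        return ("email", tok.lower())
    try:
        return ("ip", str(ipaddress.ip_address(tok)))
    except ValueError:
        pass
    low = tok.lower()
    if HEX_RE.match(low) and len(low) in HASH_LENGTHS:
        return (HASH_LENGTHS[len(low)], low)
    if low.rsplit(".", 1)[-1] in FILE_EXTENSIONS:
        return ("filename", tok)
    if DOMAIN_RE.match(low):
        return ("domain", low)
    return ("unknown", tok)


def parse_indicators(text):
    """Tokenise a pasted indicator dump and bucket it by type. Sets deduplicate
    case variants and repeated hosts; the result maps type -> sorted list."""
    buckets = defaultdict(set)
    for line in text.splitlines():
        for token in line.split():
            result = classify(token)
            if result:
                kind, value = result
                buckets[kind].add(value)
    return {kind: sorted(values) for kind, values in buckets.items()}


def match_hash(data, indicators):
    """Hash a blob with each algorithm present in the indicator set and return
    the matching (algorithm, digest), or None. Use it to sweep attachments or
    a quarantine folder regardless of which digest type each source published."""
    for algo in ("md5", "sha1", "sha256"):
        wanted = indicators.get(algo)
        if not wanted:
            continue
        digest = hashlib.new(algo, data).hexdigest()
        if digest in set(wanted):
            return (algo, digest)
    return None


if __name__ == "__main__":
    iocs = parse_indicators(SAMPLE_IOC_TEXT)
    for kind, values in sorted(iocs.items()):
        print(f"{kind} ({len(values)})")
        for value in values:
            print("   ", value)
```

Two caveats when acting on the output. The .onion hosts never resolve through public DNS and are only reachable over Tor, so a DNS or proxy block entry for them is a detection aid at best; what actually stops that traffic is controlling Tor egress. The "filename" and "unknown" buckets are for analyst review, not for blocking: a document name such as myguy.xls is a hunting hint, and anything the parser could not classify (for example words from a pasted sentence) should be inspected rather than fed to a firewall.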