Petya and NotPetya: The basics

Josh Fruhlinger | Oct. 18, 2017
NotPetya superficially resembles the Petya ransomware in several ways, but there are a number of important ways in which it's different, and much more dangerous.

So what's NotPetya's real purpose? The fact that it saw an abrupt and radical improvement in efficiency over its Petya ancestor implies a creator with a lot of resources — a state intelligence or cyberwarfare agency, say. That, combined with the 2017 attack's focus on Ukraine, caused many to point the finger at Russia, with whom Ukraine has been involved in a low-level conflict since the occupation of Crimea in 2014. This accusation was taken up by the Ukrainian government itself, and many Western sources agree; Russia has denied involvement, pointing out that NotPetya infected many Russian computers as well.

Petya Microsoft patch

The most important vulnerability to patch to avoid infection by the NotPetya variant is the SMB flaw exploited by EternalBlue. This hole can be patched by MS17-010, which was actually available in March of 2017, several months before the NotPetya outbreak. Still, despite the fact that the widely publicized WannaCry outbreak, which occurred just weeks before NotPetya hit and exploited the same hole, brought widespread attention to MS17-010's importance, there were still enough unpatched computers out there to serve as an ecosystem for NotPetya to spread.

Petya and Windows 10

Many of the computers infected by NotPetya were running older versions of Windows. Microsoft says that Windows 10 was particularly able to fend off NotPetya attacks, not just because most installs auto-updated to fix the SMB vulnerability, but because improved security measures blocked some of the other ways NotPetya spread from machine to machine.
