Petya Cyber Attack Deletes Your Data Forever It's Not Ransomare It's A Wiper

Source : comae

                          The virus that began spreading through European computers  informed users that they could unlock their machines by paying a $300 ransom. But it looks like the program’s creators had no intention of restoring the machines at all.  The virus was designed to wipe computers outright.

Petya malware, which is being seen as WannaCry’s obvious successor, isn’t a ransomware. It actually disguises itself as one to lure media coverage. Instead, it’s a wiper malware which destroys your data in such a manner that the possibilities of the recovery of files are thin. Hence, even paying ransom won’t get your data back.

Researchers from Comae Technologies and Kaspersky Lab have independently arrived at the same conclusion that Petya is a wiper, not ransomware. “We can see the current version of Petya clearly got rewritten to be a wiper and not a actual ransomware,” Suiche writes.

"That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID," the pair said.

The virus going around is a modified take on an earlier version of the Petya virus that was true ransomware. But Comae saw that code had been specifically modified to change it from a virus that encrypts a disk and demands a ransom into a virus that simply destroys the disk.

Also Read : Android O Version Is Called As " Oatmeal Cookie" Or "Oreo" But It Is Not Confirmed

What’s the difference between a wiper and a ransomware ?
The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative. A ransomware has the ability to restore its modification such as (restoring the MBR like in the 2016 Petya, or decrypting files if the victim pays) — a wiper would simply destroy and exclude possibilities of restoration.

The 2017 Petya’s damage is irreversible, and it purposely overwrites the MBR section of the disk with the new bootloader.

Kaspersky Lab has said that Petya disguises itself as a ransomware and shows merely randomized data as the installation key. So, even the attacker can’t extract any decryption information from such data and the victim won’t be able to decrypt any disk using the key.

Comae has concluded that Petya pretends to be a ransomware to lure the media, which makes perfect sense after the amount of attention WannaCry got.

For more detailed information of the articles from Kaspersky and Comae  .

Also Read : Massive Ransomware Attack To Computers Around 100 Countries