back to article Petya ransomware returns, wrapped in extra VX nastiness

Researchers have spotted a variant of last year's Petya ransomware, now with updated crypto and ransomware models. Kaspersky's Anton Ivanov and Fedor Sinitsyn say the attack, which they've dubbed “PetrWrap”, uses the PsExec tool to install ransomware on any endpoint it can access. Rather than use the original Petya, which was …

  1. Paratrooping Parrot
    Mushroom

    Priorities

    Rather than trying to spend a large amount of time and money fighting piracy, there should be more efforts in fighting the scourge that is ransom encrypting malware. The losers in piracy are the movie and music studios. The losers in those ransomware attacks are the ordinary people and also hospitals and other critical places.

    1. Halfmad

      Re: Priorities

      Hospitals are only the "losers" if local IT don't have appropriate backups running and local/network permissions set properly. At worse ransomware should encrypt local docs and shares the user has access too - that's assuming it gets past firewalls/sandboxing/AV and malware protection and application whitelisting etc.

      Restoring a few folders is the bread and butter of most sysadmin roles, hardly a big deal and that's the WORSE case scenario in a well run IT department.

      Proper application whitelisting alone massively reduces randomware infections on it's own.

      1. Anonymous Coward
        Anonymous Coward

        Re: Priorities

        Unless, of course, the malware gets smart and pulls a "sleeper": silently corrupting the backups FIRST, THEN trashing the systems after a few months so that they try to go back to the backups only to find out they don't work (or worse, are themselves infected).

        1. El_Marco1964

          Re: Priorities

          Backups shouldn't be on a local file system, keep them off site. Use folder redirection to storage, replicate that then back it up to an offsite air-gapped solution. Simples.

          1. Charles 9 Silver badge

            Re: Priorities

            Except they have to be attached at some point to CREATE the backup. A sneaky malware can just corrupt the backup at the point of creation.

    2. Charles 9 Silver badge

      Re: Priorities

      "Rather than trying to spend a large amount of time and money fighting piracy, there should be more efforts in fighting the scourge that is ransom encrypting malware."

      How do they do that when the writers typically live in countries hostile to the West?

    3. Mark 85 Silver badge

      Re: Priorities

      Follow the money. Big corporations have the money and lawyers. We "little folk", as always, are the cannon fodder no one cares about*,

      *Except at election time and when there's money to be made from us.

      1. Charles 9 Silver badge

        Re: Priorities

        And if the money trail leads to a hostile state?

        1. Anonymous Coward
          Anonymous Coward

          Re: Priorities

          "And if the money trail leads to a hostile state?"

          Isn't that one of the stated reasons why all major countries have international spy groups?

          These things are tolerated in some places because they tend not to annoy too many powerful people in their own countries. If a Russian created bit of malware that infected a US institution was quickly redeploy by the CIA back into Russia, the malware writers would have a serious life expectancy problem.

          The ransoms tend to be paid in bit coin and that can be traced back so it isn't like these people can't be found.

          The US law has says a person who receives payment for malware can be sent to jail for 39 months per charge under the wire fraud regulations. The justice department already has tools to present these cases to a grand jury and indict the creators where they can be collected if they ever visit the a friendly country. 20 charges can be 65 years in Leavenworth. A few long term jail terms for malware and spammers might just start putting a dent in the problem. Spammers are now costing the global economy about 250 billion dollars a year.

          1. Charles 9 Silver badge

            Re: Priorities

            "The ransoms tend to be paid in bit coin and that can be traced back so it isn't like these people can't be found."

            Explain this since one idea of Bitcoin is that you can shuffle it around between different wallets under your control (you can create a whole bunch of them at the drop of a hat, which BTW wouldn't touch the blockchain at that point) so that it's a lot easier to launder Bitcoins.

  2. Anonymous Coward
    Anonymous Coward

    Stupid question but how do you avoid these types of ransomware?

    Is it still a case of visit any webpage that happens to show adverts that are infected then you're infected? I've got chrome and adblocker, and don't install anything. Been a couple of years since I got anything like this but have had it in the past.

  3. Anonymous Coward
    Linux

    Ransomware attacks endpoints

    '“PetrWrap”, uses the PsExec tool to install ransomware on any endpoint it can access.' .. as long as it's a version of Microsoft Windows.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021