Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya's behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it's impossible for victims to recover their data.

In other words, the researchers said, the payload delivered in Tuesday's outbreak wasn't ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected networks, in much the way the Shamoon disk wiper left a wake of destruction in Saudi Arabia. Some researchers have said Shamoon is likely the work of developers sponsored by an as-yet unidentified country.

Researchers analyzing Tuesday's malware, alternatively dubbed PetyaWrap, NotPetya, and ExPetr, are speculating the ransom note left behind in Tuesday's attack was, in fact, a hoax intended to capitalize on media interest sparked by last month's massive WCry outbreak. Researchers at antivirus provider Kaspersky Lab, in a blog post published Wednesday, labeled the previous day's malware a "wiper." They explained that for attackers to decrypt a paying victim's computer, they need a "personal infection ID" that's displayed in the ransom note. In the 2016 version of Petya, the ID contained crucial information for the key recovery. Tuesday's malware, by contrast, was generated using pseudorandom data that was unrelated to the corresponding key. Kaspersky Lab researchers Anton Ivanov and Orkhan Mamedov wrote:

If we compare this randomly generated data and the final installation ID shown in the first screen, they are the same. In a normal setup, this string should contain encrypted information that will be used to restore the decryption key.