What Petya/NotPetya Ransomware Is and What Its Remediations Are
Ransomware attacks have been growing worldwide since they appeared around 2012. The idea behind a ransomware attack is to encrypt and lock the files on a computer until a ransom is paid. These attacks usually enter the system through Trojans, malicious programs that run a payload that encrypts and locks the files. The basic goal of this type of attack is money, so hackers usually unlock the files once they receive payment, but there is no guarantee of that. Ransomware has various versions, such as Reveton, CryptoWall, WannaCry, and Petya. This paper discusses the Petya attack, especially its most recent version, which is referred to as NotPetya. It defines the NotPetya attack and explains how it works and where and how it spreads. It also discusses four solutions available for recovering a system infected by NotPetya and proposes the best solution, based on intensive research into the recovery solutions for this attack.
Keywords: NotPetya recovering; NotPetya ransomware; NotPetya ransomware removing; NotPetya ransomware solutions; NotPetya ransomware prevention