Feeling relieved after a series of Malware/Ransomware Attacks? Another is here to haunt You

It just might have been only a month when WannaCry Ransomware attack haunted the users world-wide. It not only attacked but also demanded for ransom to get the machines unlocked.


Today, reportedly another attack is spreading rapidly and is already underway across Europe. The most affected area is Ukraine till now.

As per the reports, in Ukraine its Central Bank, Metro, Boryspil Airport as well as the major Power Suppliers have been affected.

The intrusion is “the biggest in Ukraine’s history,” Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook. The goal was “the destabilization of the economic situation and in the civic consciousness of Ukraine,” though it was “disguised as an extortion attempt,” he said.

Similarly, Maersk in Denmark has also confirmed that their systems are down due to a cyber-attack along with Russia’s Oil Company named Rosneft have been affected.

This new attack is believed to be a another Ransomware attack. It is named as ‘Petya’ or ‘Petwrap’. Just like WannaCry, this too uses Eternal Blue exploit developed by U.S. National Security Agency (NSA).

Unlike previous attacks, this attack is spreading very rapidly and has already affected the areas mentioned above. The rate of infection is a thousands of infection attempts at a moment. This attack is shutting down computers of Corporate Offices, Power Supplies and Banks across Russia, Ukraine, Spain, France, UK, India and Europe.


Saw the image above? If you observe clearly, this Ransomware demands $300 exactly like WannaCry in Bitcoins.

How it Works?

Well, Petya does not encrypt files one by one, but uses even more extreme level method:

Petya reboots victims computers and encrypts the hard drive’s master file table (MFT) and rendering the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

This attack is currently on Old Machines or the Machines running on previous versions of Windows without any latest update installed.

Stay tuned to MSLeaks for everything latest related to Tech!

Source: MS Poweruser, MSN, ON MSFT, Windows Central

Leave a Comment