Book a Demo
New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Meet the team at Infosecurity Europe 2025
Book a Meeting
Book a Demo

Petya, NotPetya - Call It Whatever, It's Still Ransomware!

By: Cymulate

Last Updated: December 12, 2024

Tuesday, June 27th, just a little over a month after the Wannacry ransomware campaign, in just a few hours, multiple reports of a worldwide outbreak regarding a new ransomware campaign are sprouting everywhere. Some say it is a new variant of "Petya” others call it “NotPetya”. The new Petya ransomware variant infections broke out in Ukraine and spread from there to other countries. The proliferation of this ransomware is believed to begin with a malicious email containing ransomware embedded in a password-protected Word file.

How does Petya Ransomware work?

What does it do? Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that after opening the attached file, the infected machine communicates with the 182.165.29.78 IP address. Following opening a communication channel between the infected machine and the malicious C&C, a screenshot appears which displays that a scan of the hard disk is in progress (CHKDSK). It is believed that this is when the distribution of the ransomware within the network begins using several communication protocols such as SMBv1, and a number of additional protocols and lists 139, 445, and 135. The ransomware scans the computer folders and encrypts most of the useful files and data. After encryption, the ransomware displays a message that requires the user to pay hundreds of dollars for the de-encryption of the data. Victims have a specific amount of time to pay. If payment is not made by the deadline, the ransom increases. CYMULATE POINT OF VIEW Organizations that tested their security and identified vulnerabilities through Cymulate, were presented with mitigation procedures for other ransomware, which also mitigated the vulnerability that this new threat used. Many organizations would have avoided the attack if they had used Cymulate, hence the importance of continuous testing, identification of vulnerabilities, and mitigation. To test yourself today, visit our website, register, and try for free our Immediate threat sample of the NotPetya ransomware. Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate's platform. Start a Free Trial Stay cybersafe! Update November 2021 - Preparedness against ransomware is improving
image
Cymulate
Cymulate empowers organizations to fortify their defenses through continuous assessment and validation of their security posture. With a focus on threat simulation, comprehensive security assessments, and a commitment to innovation, Cymulate equips organizations with the tools and insights needed to stay ahead of cyber threats.
More about Author
Ready to start?
Book a Demo

Featured Resources

Cymulate Article
blog

11 Email Threats Your Organization Needs to Know 

Email remains the primary entry point for cyberattacks. From nation-state actors to low-level cybercriminals, adversaries continually exploit the ubiquity and

Read More
image
blog

Proactive Security in Action: What Real-World Gaps Reveal About Cyber Resilience 

Today’s threat actors move fast, and reactive security is no longer enough. Most breaches have a common root cause: a

Read More
image
E-book

10 Cybersecurity Exposures You Can’t Afford to Ignore

Lessons from Real-World Exposure Validation Think your defenses are airtight?Even well-funded, mature security programs can leave dangerous gaps. This eBook

Learn More

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo