Yet Another Cyberattack: Petya Ransomware

There is yet another global cyberattack making its way around the world. This new ransomware strain is called Petya, according to a tweet by popular security firm Avira. Petya makes use of the same exploit used in WannaCry: EternalBlue, a leaked NSA hacking tool. This strain of malware, however, cannot be stopped as easily as its predecessors, because there is no kill switch like there was with WannaCry.


Petya Ransomware Image – Source:


Users Aren’t Getting Their Data Back

Most security researchers agree that it is a bad idea to pay hackers, and here is why. It has been discovered that the email address listed on the ransomware, which the victims must contact to release their data, is hosted by a German email service called Posteo, which has since blocked the account. In an official statement, Posteo stated,

“At noon today we learned that Ransomware blackmail is currently providing a posteo address as a contact option. Our abuse team checked this immediately — and the mailbox immediately blocked. We do not tolerate any misuse of our platform: The intermittent blocking of abused mailboxes is a normal procedure of providers in such cases. At the time of the blocking, there was no reporting on the ransomware.”

This means that the hackers responsible have been unable to access their emails, and the victims will subsequently lose access to their data because they cannot email the account.