Petya

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Petya
Alias
Group	Cryptolocker
Parent
Sibling
Family
Relations	Variants: Sibling of: Parent of: Distribution of: Campaigns:
Target	Microsoft Windows
Origin
Distribution vector	Spam, Dropbox
UserAgent
CCProtocol
Activity	/
Status
Language
Programming language
Operation/Working group

Introduction

According to https://twitter.com/hasherezade/status/714195402967367680/photo/1 the "Encryption" is done with XOR 7

Features

MBR overwrite

Bitcoin payment

Encrypt MFT

Associated images

Checksums / AV databases

39B6D40906C7F7F080E6BEFA93324DDDADCBD9FA | Virustotal

B0C5FAB5D69AFCC7FD013FD7AEF20660BF0077C2 | Virustotal

755f2652638f87ab517c608a363c4aefb9dd6a5a | Virustotal

Publications

	Author	Editor	Year
PETYA crypto-ransomware overwrites MBR to lock users out of their computers	Jasen Sumalapao	TrendLabs Security Intelligence Blog	2016
Petya ransomware skips the files and encrypts your hard drive instead	Lawrence Abrams	Bleeping Computer	2016