The Petya virus has hit the cyber world, infecting governmental and business enterprises across Europe and demanding $300 as ransom to decrypt the files on the infected systems. However, security researchers now believe that Petya is not a ransomware attack but something far worse. Analysts believe that the attackers never intended to restore the data but to wipe it completely.
Researchers compared the code of the 2016 and 2017 versions of the Petya virus and concluded that Petya is a wiper, which is far worse than a ransomware attack. This was first reported by the founder of Comae Technologies, Matt Suiche, who explained in a blog post why Petya is a wiper. “2016 Petya modifies the disk in a way where it can actually revert its changes. Whereas, 2017 Petya does permanent and irreversible damages to the disk,” he wrote in his blog post.
To put it simply, there is no way of restoring your data if your system has been infected by the Petya virus as it will wipe your system clean.
Kaspersky securities came to a similar conclusion. In their research, the analysts at Kaspersky found that the attackers did not decrypt the data even when the ransom was paid. In a blog post, the data security firm presented an analysis of the code of the 2017 version of the Petya virus, explaining how it is not possible for the attackers to decrypt the data of the infected system.
“This is the worst-case news for the victims – even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive,” Kaspersky securities explained in a blog post.