A new Petya-based ransomware is quickly spreading and infecting PCs worldwide. Here’s what consumers need to know about this growing outbreak, and what they should do now to stay safe.

Hamburguer menu icon

This article contains:

    While ransomware was initially used to target companies, cybercriminals today target home users just as frequently. The virus usually finds it way in through operating systems that have not been updated, so users should always make sure both their antivirus software and operating systems are the most recent versions.

    Further to reports of a massive cyberattack hitting a number of companies in Ukraine, including banks, energy companies, and transport services, as well as the government, we believe this malware is based on a particular type of ransomware first identified in 2016, when it was spotted, patched, and bundled in a strain called PetrWrap.

    The Ukraine attack has spreadisappears to be spreading, with incidents being reported in the U.S, U.K, Russia, India, France, Spain, Germany, Brazil, Belgium, and the Netherlands, among others.. Those behind the attack are demanding from each user a $300 ransom to be paid in the cryptocurrency Bitcoin.

    This modification of Petya seems to be spreading using the EternalBlue vulnerability, the same one used to spread WannaCry. Avast has seen over 12,000 malware attempts to exploit EternalBlue, which we detected and blocked. Our internal data reveals that 38 million PCs scanned last week had not patched their systems with updates and were running with the EternalBlue vulnerability. The actual number of vulnerable PCs is probably much higher.

    While we don’t know who is behind this specific cyberattack, we do know that one of the contemptible characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model. The model gives distributors a share of up to 85% of the paid ransom, while 15% is kept by the malware authors. The malware authors provide the whole infrastructure, C&C servers, and money transfer method. This type of model is called “ransomware-as-a- service (RaaS),” which allows the malware creators to win over non-tech savvy customers to distribute their ransomware.


    AVG Protection

    We strongly recommend that all Windows users update their systems with the latest patches as soon as possible, and make sure their antivirus software is also up to date. AVG antivirus technology detects and removes the Petya-based ransomware, as well as other kinds of malware. If your PC is infected with Petya, our antivirus will detect, quarantine, and destroy it. If it detects Petya trying to enter your computer, it will block it from getting in. If you are looking for a thorough and comprehensive malware removal and prevention tool, AVG has got you covered — from the essential protection of our AntiVirus FREE to the advanced security and performance features of AVG Internet Security.