petya

Malware Profile Updated 2 months ago
Petya is ransomware that infected Windows-based systems, primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other ransomware families such as WannaCry, NotPetya, TeslaCrypt, and DarkSide, exploited the Windows SMBv1 remote code execution vulnerabilities tracked as CVE-2017-0144, CVE-2017-0145, and CVE-2017-0143. Variants of Petya, such as GoldenEye and NotPetya, caused significant damage; NotPetya in particular focused on destroying files rather than collecting ransom payments. The attacks were so extensive that they brought Ukraine to a virtual standstill during the outbreak.

In response to these threats, several decryption tools were developed to help victims recover their data without paying the ransom. One such tool was created specifically for Petya but could also retrieve the decryption key for other types of ransomware. Another widely used tool, developed by Trend Micro, could unlock a variety of ransomware including Petya, WannaCry, TeslaCrypt, and Jigsaw. In July 2016, the rival ransomware group behind Petya released 3,500 Chimera decryption keys, providing further relief to victims.

These widespread attacks led to increased awareness of and action on cybersecurity. While their scale and impact were unprecedented, they also served as a wake-up call for many organizations and individuals. A notable later case occurred on March 22, 2018, when the city of Atlanta's IT infrastructure was significantly disrupted by a ransomware attack using SamSam. These incidents have prompted increased security measures and the development of more sophisticated defensive tools, raising the question of whether we are "cybersafer" now than ever before.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Each entry lists the profile ID, the number of votes, and the profile description.

Goldeneye (2 votes): GoldenEye is a recognized threat actor in the cybersecurity world, known for its malicious activities. It's often considered a variant of Petya and has been referred to as WannaCry's sibling due to similarities in their operations. GoldenEye appears to be an adaptation of another source code on GitH

petrwrap (2 votes): Petrwrap is a new variant of malware that has recently emerged, distinguishable enough from its predecessor, Petya, to warrant its own name. It has also been referred to as GoldenEye in some circles. This malicious software is designed to infiltrate computer systems, often through suspicious downloa

Expetr (1 vote): ExPetr, also known as PetrWrap, Petya, or NotPetya, is a threat actor that emerged in the cybersecurity landscape on April 15, 2017, with its first ransomware attack infused with EternalBlue. The code used by ExPetr was borrowed from another malicious software called Win32/Diskcoder.Petya ransomware

DarkSide (1 vote): DarkSide is a notorious threat actor known for its malicious activities involving ransomware attacks. The group gained significant notoriety in 2021 when it attacked the largest oil pipeline in the United States, leading to a temporary halt of all operations for three days. This incident, along with

Apocalypse (1 vote): Apocalypse is a threat actor known for its malicious intent in the cybersecurity world. It's associated with a variety of ransomware, including a variant named Al-Namrood. The Apocalypse ransomware and its variants have been a significant concern due to their capacity to encrypt files, making them i
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance: Ransomware, Malware, Encrypt, Encryption, Mft, Exploit, Australian, Vulnerability, Ransom, Phishing, Exploits, Backdoor, Locker, Wiper, State Sponso..., Worm, Windows
Associated Malware
Each entry lists the profile ID, the association type, the number of votes, and the profile description.

WannaCry (type: Unspecified; 3 votes): WannaCry is a notorious malware that was responsible for one of the largest ransomware attacks in history, occurring in 2017. This malicious software, designed to exploit and damage computer systems, infiltrated networks worldwide through suspicious downloads, emails, or websites. Once inside a syst

NotPetya (type: is related to; 2 votes): NotPetya is a notorious malware that was unleashed in 2017, primarily targeting Ukraine but eventually impacting systems worldwide. This malicious software, which initially appeared to be ransomware, was later revealed to be data destructive malware, causing widespread disruption rather than seeking

KillDisk (type: Unspecified; 1 vote): KillDisk is a potent malware, initially designed to overwrite targeted files instead of encrypting them. First seen in action during December 2016, it disrupted recovery processes by erasing critical system and workstation files. The TeleBots group notably used KillDisk in the final stages of their

Maze (type: Unspecified; 1 vote): Maze is a type of malware, specifically ransomware, that gained notoriety in 2019 for its double extortion tactic. This malicious software infects systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data hostage for ransom. Maze w

Pysa (type: Unspecified; 1 vote): First observed in October 2019, Pysa, also known as Mespinoza, is a human-operated ransomware created by an unidentified advanced persistent threat group. It primarily targets high-value financial and governmental entities but has also been implicated in attacks on healthcare, education, and law enf

SamSam (type: Unspecified; 1 vote): SamSam is a type of malware, specifically ransomware, that was first deployed by the cybercriminal group GOLD LOWELL in 2015. This malicious software is designed to infiltrate systems through suspicious downloads, emails, or websites and then exploit the compromised system, often stealing personal i

REvil (type: Unspecified; 1 vote): REvil, also known as Sodinokibi, is a type of malware that gained notoriety through its use in ransomware attacks. As the Ransomware as a Service (RaaS) model grew in popularity during 2020, relationships between first-stage malware and subsequent ransomware attacks were established. One such connec
Associated Threat Actors
Each entry lists the profile ID, the association type, the number of votes, and the profile description (where one exists).

diskcoder.c (type: Unspecified; 1 vote): no profile description

Teslacrypt (type: Unspecified; 1 vote): TeslaCrypt is a notable threat actor that emerged with a focus on targeting computer gamers. This malicious entity was responsible for executing ransomware attacks, encrypting victims' files and demanding payment for their release. The group gained notoriety with several versions of their ransomware

Encryptile (type: Unspecified; 1 vote): no profile description

Btcware (type: Unspecified; 1 vote): no profile description

Telebots (type: Unspecified; 1 vote): TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize

win32/diskcoder.petya (type: Unspecified; 1 vote): no profile description

Chimera (type: Unspecified; 1 vote): Chimera, a threat actor group known for its malicious activities, first gained notoriety as one of the initial ransomware strains that threatened to leak victims' data unless a 2.5 bitcoin ransom was paid. The group primarily spread their ransomware via emails containing malicious Dropbox links. In

Alcatraz Locker (type: Unspecified; 1 vote): no profile description

Badblock (type: Unspecified; 1 vote): BadBlock is a recognized threat actor in the cybersecurity industry, known for its involvement in malicious activities. These activities typically involve the execution of ransomware attacks that encrypt user files and demand a ransom for their decryption. This group has been linked to major ransomw
Associated Vulnerabilities
Each entry lists the profile ID, the association type, the number of votes, and the profile description (where one exists).

Eternalblue (type: Exploited; 2 votes): EternalBlue is a significant software vulnerability that exists in the design or implementation of certain systems. This flaw has been exploited by various cyber threats, with one notable instance being its use as an enabler for the widespread WannaCry ransomware attack. The exploit allows attackers

CVE-2017-0145 (type: Unspecified; 1 vote): no profile description

CVE-2017-0143 (type: Unspecified; 1 vote): no profile description

CVE-2017-0144 (type: Unspecified; 1 vote): no profile description
Source Document References
Information about the petya malware profile was read from the document corpus below. This display is limited to 20 results.
Each entry lists the source, when the document was created, and its title.

CERT-EU (4 months ago): Interview with Herbert Lin: "Cybersecurity is a never-ending battle"
CERT-EU (5 months ago): Are we "cybersafer" now than ever? - Panda Security
Recorded Future (5 months ago): What is the Cyber Kill Chain? Phases and Process Explained
CERT-EU (6 months ago): What is a ransomware decryptor? | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU (6 months ago): Examples of Past and Current Attacks | #ransomware | #cybercrime | National Cyber Security Consulting
Securityaffairs (6 months ago): Merck settles with insurers regarding a $1.4 billion claim
CERT-EU (6 months ago): Low cost, high reward: The hackers holding Australia to ransom
CERT-EU (8 months ago): The history of malware: A primer on the evolution of cyber threats - MC Press Online
Checkpoint (8 months ago): The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
CERT-EU (8 months ago): StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
CERT-EU (9 months ago): Stealthy Ransomware: Extortion Evolves by Kevin Kennedy
CERT-EU (10 months ago): How Cyberattacks Are Transforming Warfare
CERT-EU (10 months ago): Qualys Top 20 Exploited Vulnerabilities | Qualys Security Blog
CERT-EU (a year ago): Cyberattack confirmed by Micro-Star International
CERT-EU (a year ago): Cybersecurity – An interesting ode of Challenges and Opportunities for Startups
CERT Polska (a year ago): Sage 2.0 analysis
MITRE (a year ago): KillDisk Variant Hits Latin American Financial Groups
MITRE (a year ago): New Ransomware Variant "Nyetya" Compromises Systems Worldwide
MITRE (a year ago): Petya Ransomware | CISA
DARKReading (a year ago): Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems