Earlier today on July 7, 2017 the author of the infamous Petya ransomware released the master key. You can now unlock any device that has been locked down from the Petya ransomware. The Petya ransomware was equipped with pieces of leaked NSA weapons, specifically from the “Eternal” series including other pieces of code. Petya is a bit different than the now-famous WannaCry ransomware. WannaCry would first encrypt the victims device. Then it would ask for payment so that you may unencrypt your device and get your data back. Petya would do the same until it was time to unencrypt the victims device. Once the victim paid Petya, it would then delete everything on the victims device. Which is interesting because on the surface Petya seems like a ransomware but is actually a “wiper”.
“EternalPetya seems to be a patchwork made of code stolen from various sources. In addition to the modified version of the GoldenEye Petya kernel, we can find the leaked NSA exploits from the “Eternal” series as well as legitimate applications, such as PsExec.” - https://blog.malwarebytes.com
“In other words, the researchers said, the payload delivered in Tuesday's outbreak wasn't ransomware at all. Instead, its true objective was to permanently wipe as many hard drives as possible on infected networks, in much the way the Shamoon disk wiper left a wake of destruction in Saudi Arabia. Some researchers have said Shamoon is likely the work of developers sponsored by an as-yet unidentified country.” - https://arstechnica.com
This form of attack was spread through phishing and other means. This is why we need to take precaution when dealing with links. This issue needs to be pressed into our mind-set as the new generation of digital humans arrive online. These threats will also continue to evolve as we see with Petya. No one really know where it came from or who wrote it (My bet is on the NSA). There are classical “signatures” pointing in very different directions. What we do know is that whomever wrote Petya knew what they were doing. A piece of code like this isn't something you just wake up to one day and say “Well, I'm going to create some ransomware this fine Sunday morning” this was done by a sophisticated actor. More about the technical details can be seen on the Malwarebytes blog.
“The edits made in the code are well crafted – the person doing them was fluent in assembly and knew exactly what to change and why. Thus, it gave the first impression of very neat and clean modifications, that could possibly be a result of code recompilation.” - https://blog.malwarebytes.com
“It is common practice among unsophisticated actors (script-kiddies) to steal and repurpose someone else’s code. However, in this case, the composition was done well by a person or team with good technical knowledge and careful execution. A possible reason for using so many stolen elements, apart from saving actor’s time, could have been to throw off any obvious signs of attribution.” - https://blog.malwarebytes.com
Petya might have been new to many but it's not new to people in the intelligence/security sectors. The original author of Petya goes by Janus and was contacted as soon as the Petya virus spread. He stated that it wasn't him who had spread the “updated” version of Petya into the wild. This was later confirmed by multiple independent security researchers.
“The source code of the original Petya has never been leaked publicly, so in case it was recompiled it proves that the original Petya’s author, Janus, is somehow linked to the current outbreak (either this is his work or he has sold the code to another actor). In this analysis, we hope to identify if this malware could have been recompiled from the original code, or it’s just a work of anyone with the appropriate skills to modify the ready-made binary. Doing so would not entirely disprove Janus as the creator, but his involvement becomes less likely.” - https://blog.malwarebytes.com
“I think the presented evidence is enough to prove, that the code was not recompiled from the original source (in contrary to what I initially suspected). Thus, the involvement of the original Petya author, Janus, seems unlikely. It seems in this case he was just chosen as a scapegoat by some different actor.” - https://blog.malwarebytes.com
In conclusion, be aware of what you're clicking on! I had just made a post about a phishing scammer who had just plead guilty. Ransomware and the ability of it being able to be spread quickly through phishing and other means is a real security matter. As we saw with WannaCry, it exceeded $1 billion dollars of damages in just the first 4 days. If you work in a sector that involves computers/devices being networked, you need to take caution at all times. You are the primary target for such a thing. We see companies buying Bitcoin just so that they can get ready for the next ransomware. This also means that these companies are not ready on the security side of things. Being aware of these threats will take more 'worker training' and I don't believe many companies are willing to invest into such a thing. The sad part about new age Ransomware is that they are also used as “scapegoats of blame” for more regulation on crypto by nations.
'"The estimated damage caused by WannaCry in just the initial four days would exceed $1 billion, looking at the massive downtime caused for large organizations worldwide," Stu Sjouwerman, chief executive at KnowBe4, a Clearwater, Fla., firm that helps firms avoid phishing efforts, wrote in a statement.”'- https://phys.org
“In the age of cyber threats, companies are stockpiling digital currency in preparation of future "ransomware" attacks — which have grown exponentially over the past few years.” - http://www.nbcnews.com
Here is a link to the Master Key:
https://mega.nz/#!lmow0Z7D!InyOTGaodVLX2M9pMGQvHJaGpvon11FyGep10ki4LHc
P.S. I redirected it to https://www.google.com/ so that no one accidentally clicks it. Please know what you're doing. I take no personal responsibility for any harm or damage that could be caused. (:
Be safe,
- Citizen
(Image Source) Photo Victor De Schwanberg / Science Photo Library
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://www.lownmower.com/news/EternalPetya-%E2%80%93-yet-another-stolen-piece-in-the-package?/
Thanks bot bro
lol!
Congratulations @citizen4! You have completed some achievement on Steemit and have been rewarded with new badge(s) :
Award for the number of upvotes
Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here
If you no longer want to receive notifications, reply to this comment with the word
STOP