Worm.Win32.PetyaWrap.A
TSL ID TSL20170627-06
Severity High
Description

Worm.Win32.PetyaWrap.A is a worm that targets the Windows platform. It is reported that the malware has been used in attacks. The malware uses PsExec or WMIC to spread to other systems. It is also capable of spreading via the EternalBlue exploit used in the WannaCry attack. The malware encrypts files on the infected system and then demands that the user pay a ransom to get the files decrypted. Moreover, it overwrites the original MBR with a malicious one.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • 71B6A493388E7D0B40C83CE903BC6B04
SHA1:
  • 34F917AABA5684FBE56D3C57D48EF2A1AA7CF06D
Identifiers
Kaspersky
  • TROJAN-RANSOM.WIN32.PETR.XW
Microsoft Malware Protection Center
Panda
  • TRJ/CRYPTOPETYA.B
Sophos
  • TROJ/RANSOM-EOB
Symantec
  • RANSOM.PETYA
TrendMicro
AegisLab
  • TROJ.RANSOM.W32!C
AhnLab
  • TROJAN/WIN32.PETYA.R203323
ALYac
  • TROJAN.RANSOM.PETYA
Antiy-AVL
  • TROJAN[RANSOM]/WIN32.PETYA
Arcabit
  • TROJAN.RANSOM.GOLDENEYE.B
Avast
  • MBR:RANSOM-C
Avira
  • TR/RANSOM.ME.12
Baidu
  • WIN32.TROJAN.RANSOM.A
Bkav
  • W32.RSPETYAND.WORM
CAT-QuickHeal
  • RANSOM.PETYA.A5
CMC
  • RANSOMWARE.WIN32.PETYA!O
Comodo
  • TROJWARE.WIN32.RANSOM.PETYA.BE
Cyren
  • W32/PETYA.VUNZ-1981
DrWeb
  • TROJAN.ENCODER.12544
Emsisoft
  • TROJAN-RANSOM.GOLDENEYE
ESET
  • WIN32/DISKCODER.C
Fortinet
  • W32/PETYA.EOB!TR
F-Prot
  • W32/PETYA.RANSOM.J
F-Secure
  • TROJAN:W32/PETYA.F
GData
  • WIN32.TROJAN-RANSOM.PETYA.V
Ikarus
  • TROJAN-RANSOM.PETRWRAP
Jiangmin
  • TROJAN.RANSOMPETYA.A
Malwarebytes
  • RANSOM.PETYA.EB
NANO-Antivirus
  • TROJAN.WIN32.PETYA.EQLCGP
Rising
  • TROJAN.DISKCODER!8.4613
SUPERAntiSpyware
  • RANSOM.PETYA/VARIANT
Tencent
  • WIN32.TROJAN.RANSOMWARE.SKUO
ViRobot
  • TROJAN.WIN32.S.PETYA.362360
Webroot
  • W32.RANSOMWARE.PETRWRAP
References
http://blog.trendmicro.com/trendlabs-security-intelligence/large-scale-ransomware-attack-progress-hits-europe-hard/
https://blogs.technet.microsoft.com/mmpc/2017/06/27/new-ransomware-old-techniques-petya-adds-worm-capabilities/
https://www.fireeye.com/blog/threat-research/2017/06/petya-ransomware-spreading-via-eternalblue-exploit.html
https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know
Related Threats
  • TSL20170713-03 - Backdoor.MSIL.TeleDoor.A