
PetrWrap Ransomware

Posted: March 15, 2017

Threat Metric

Threat Level: 8/10
Infected PCs: 155
First Seen: March 15, 2017
Last Seen: September 4, 2022
OS(es) Affected: Windows

The PetrWrap Ransomware is a modified version of the Petya Ransomware that uses similar file-encrypting attacks, including hijacking the system's boot-up routine, to force any victims into making ransom payments. Businesses with weak network and password security are at risk of being targeted by the PetrWrap Ransomware's threat actor especially and should protect their files with backups. After an attack, disconnect the system from the Internet and delete the PetrWrap Ransomware with your preferred anti-malware solution.

The Petya Ransomware Gets Wrapped Up for Your Displeasure

It sometimes can be ironic to see the lengths to which con artists will go to avoid working harder than they need to, as often is the case with threat authors recycling code from another person's projects. The PetrWrap Ransomware is a particularly rare case of a Ransomware-as-a-Service Trojan, distributed under a rental model, being hijacked by another threat actor, with the original author cut out of any 'deserved' payment for his work. This new Trojan is a version of the Petya Ransomware with an extra wrapper that intercepts and modifies various features of the old threat.

This new con artist introduces the PetrWrap Ransomware to a business server after breaking the network password protection remotely, via 'brute-force' methods. He then establishes greater control with the help of basic Windows tools like PsExec. On top of that, the PetrWrap Ransomware guarantees persistence and hijacks the rest of the operating system's loading process by reusing the Petya Ransomware's 'bootloader' code. The PetrWrap Ransomware also encrypts the MFT (Master File Table) of the system's partitions, holding the contents of the server hostage for ransom.

From the viewpoint of the Petya Ransomware's team, the PetrWrap Ransomware's most extreme change most likely is the fact that its threat actor is taking steps to avoid using the Petya Ransomware's ransoming infrastructure, as well as its method of decryption. Malware analysts also can confirm that this hijacked branch of the Trojan lacks most of the traits shown in the original program's ransom message, which can hurt victims trying to identify the infection.

Networking Your Way out of Ransoming Attacks

The PetrWrap Ransomware's threat actor is showing a clear preference for attacking business systems with poor password management and careless use of the Remote Desktop settings, meaning that consensual infection vectors like opening an e-mail attachment are unnecessary. The installation and launch of the PetrWrap Ransomware may occur only after the con artist gains access to as many drives and devices as possible, which maximizes the data loss he can inflict. Like other versions of the Petya Ransomware, the PetrWrap Ransomware also impedes the loading of Windows, along with encrypting the contents of the drive.

Decrypting the PetrWrap Ransomware for free is unlikely without additional developments, such as a leak of the keys that are essential to the decoding process. Use backups in locations not subject to targeting by Trojan attacks to keep the PetrWrap Ransomware from damaging any data beyond repair. Major anti-malware organizations are just beginning to develop new identifications for this threat, but older anti-malware tools also could delete the PetrWrap Ransomware after detecting it via general heuristics.

Threat authors profiting from the exploits of their competition is nothing unusual in the threat industry, but it does increase the possible sophistication of attacks that victims have to thwart. Arguably, minding the security of your passwords and network settings never has been more important than threats like the PetrWrap Ransomware now make it.
