PetrWrap Ransomware

Posted: March 15, 2017
Threat Metric
Threat Level: 8/10
Infected PCs: 124

PetrWrap Ransomware Description

The PetrWrap Ransomware is a modified version of the Petya Ransomware that uses similar file-encrypting attacks, including hijacking the system's boot-up routine, to force victims into making ransom payments. Businesses with weak network and password security are especially at risk of being targeted by the PetrWrap Ransomware's threat actor and should protect their files with backups. After an attack, disconnect the system from the Internet and delete the PetrWrap Ransomware with your preferred anti-malware solution.

The Petya Ransomware Gets Wrapped Up for Your Displeasure

It can be ironic to see the lengths to which con artists will go to avoid working harder than they need to, as is often the case with threat authors recycling code from another person's projects. The PetrWrap Ransomware is a particularly rare case: a Ransomware-as-a-Service Trojan, distributed under a rental model, that is being hijacked by another threat actor, with the original author cut out of any 'deserved' payment for his work. This new Trojan is a version of the Petya Ransomware with an extra wrapper that intercepts and modifies various features of the old threat.

This new con artist introduces the PetrWrap Ransomware to a business server after remotely breaking the network's password protection via 'brute-force' methods. He then establishes greater control with the help of basic Windows tools like PsExec. On top of that, the PetrWrap Ransomware guarantees persistence and hijacks the rest of the operating system's loading process by reusing the Petya Ransomware's 'bootloader' code. The PetrWrap Ransomware also encrypts the Master File Table (MFT) of each of the system's partitions, holding the contents of the server hostage for ransom.

From the viewpoint of the Petya Ransomware's team, the PetrWrap Ransomware's most extreme change is most likely that its threat actor takes steps to avoid using the Petya Ransomware's ransoming infrastructure, as well as its method of decryption. Malware analysts can also confirm that this hijacked branch of the Trojan omits most of the traits that the original program shows in its ransom message, which can hurt victims trying to identify the infection.

Networking Your Way out of Ransoming Attacks

The PetrWrap Ransomware's threat actor shows a clear preference for attacking business systems with poor password management and careless use of the Remote Desktop settings, meaning that infection vectors that depend on the victim's cooperation, like opening an e-mail attachment, are unnecessary. The installation and launch of the PetrWrap Ransomware may occur only after the con artist gains access to as many drives and devices as possible, which maximizes the data loss he can inflict. Like other versions of the Petya Ransomware, the PetrWrap Ransomware also impedes the loading of Windows, along with encrypting the contents of the drive.
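
The intrusion pattern described above (password brute-forcing against remote logons, then PsExec) leaves a trail in the Windows event logs that defenders can correlate. The following is an added example, not part of the original article: it assumes the standard event IDs 4625 (failed logon), 4624 (successful logon) and 7045 (service installed), and every event, host name and address in it is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not from the article): Security 4625/4624, System 7045.
EVENTS = [
    *[{"t": f"2017-03-14T02:00:{s:02d}", "id": 4625, "host": "SRV01",
       "ip": "203.0.113.7", "user": "administrator"} for s in range(0, 40, 2)],
    {"t": "2017-03-14T02:01:05", "id": 4624, "host": "SRV01", "ip": "203.0.113.7",
     "user": "administrator", "logon_type": 10},
    {"t": "2017-03-14T02:06:30", "id": 7045, "host": "SRV01", "service": "PSEXESVC"},
    # Benign: one mistyped password, then a normal logon from an internal address.
    {"t": "2017-03-14T09:00:00", "id": 4625, "host": "SRV02", "ip": "10.0.0.5",
     "user": "alice"},
    {"t": "2017-03-14T09:00:20", "id": 4624, "host": "SRV02", "ip": "10.0.0.5",
     "user": "alice", "logon_type": 10},
]

def detect(events, min_failures=10, window=timedelta(minutes=10),
           followup=timedelta(minutes=30)):
    """Alert on a remote logon that succeeds after a burst of failures from the
    same source; mark it when a PsExec service install follows on that host."""
    failures, alerts = {}, []
    for e in sorted(events, key=lambda ev: ev["t"]):
        now = datetime.fromisoformat(e["t"])
        if e["id"] == 4625:
            failures.setdefault((e["host"], e["ip"]), []).append(now)
        # Logon type 10 is RemoteInteractive (RDP); type 3 is a network logon.
        elif e["id"] == 4624 and e.get("logon_type") in (3, 10):
            recent = [f for f in failures.get((e["host"], e["ip"]), [])
                      if now - f <= window]
            if len(recent) >= min_failures:
                alerts.append({"host": e["host"], "ip": e["ip"], "user": e["user"],
                               "failures": len(recent), "logon": now, "psexec": False})
        # PSEXESVC is PsExec's default service name; a renamed service needs other signals.
        elif e["id"] == 7045 and e.get("service", "").upper() == "PSEXESVC":
            for a in alerts:
                if a["host"] == e["host"] and timedelta(0) <= now - a["logon"] <= followup:
                    a["psexec"] = True
    return alerts

if __name__ == "__main__":
    for a in detect(EVENTS):
        severity = "HIGH" if a["psexec"] else "MEDIUM"
        print(f"[{severity}] {a['host']}: {a['failures']} failed logons from "
              f"{a['ip']}, then success as {a['user']}")
```

The thresholds (`min_failures`, `window`, `followup`) are illustrative defaults and should be tuned to the normal logon behaviour of the environment.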

Decrypting data locked by the PetrWrap Ransomware for free is unlikely without additional developments, such as a leak of the keys that are essential to the decoding process. Keep backups in locations not subject to targeting by Trojan attacks to keep the PetrWrap Ransomware from damaging any data beyond repair. Major anti-malware organizations are just beginning to develop new identifications for this threat, but older anti-malware tools could also delete the PetrWrap Ransomware after detecting it via general heuristics.

Threat authors profiting from the exploits of their competition is nothing unusual in the threat industry, but it does increase the possible sophistication of the attacks that victims have to thwart. Arguably, minding the security of your passwords and network settings has never been more important than threats like the PetrWrap Ransomware now make it.
