Petya+ Ransomware
Posted: July 12, 2017
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 10/10 |
| Infected PCs | 7 |
| First Seen | July 12, 2017 |
| OS(es) Affected | Windows |
The Petya+ Ransomware is a fake variant of the Petya Ransomware that imitates most of that Trojan's features without locking your files. Although the Petya+ Ransomware, in its current state, isn't an immediate danger to any local media, victims should be aware that updates to this Trojan could allow it to launch real, data-blocking attacks, and should protect themselves with appropriate backup strategies. Some brands of anti-malware programs may also delete the Petya+ Ransomware automatically, before any of its symptoms occur.
When a Trojan Introduces Itself by the Wrong Name
Many threat actors don't see the need to create pet projects of their own when others have already done the majority of the work in both publicizing and programming a Trojan campaign. On the programming side, this essential laziness is evident in the various clones and derivatives of families like Hidden Tear. Regarding brand publicity, however, it's best shown through Trojans like the Petya+ Ransomware, a new threat that malware experts are currently examining.
Unlike the Trojan that inspired its design, the Petya+ Ransomware has no encryption features and can't lock the user's documents or other media. In other respects, however, the Petya+ Ransomware imitates the visuals of the Petya Ransomware's payload, including the following symptoms:
- The Petya+ Ransomware imitates the CHKDSK screen of the Petya Ransomware, which the older threat uses for concealing the length of its data-enciphering function. This fake Windows screen claims to be repairing unspecified errors on the hard disk in a process that 'may take several hours.'
- When it finishes displaying the previous message, the Petya+ Ransomware transitions into showing ASCII art of a skull and then a ransom note. This last screen warns that your local files are being held hostage by a military-grade encryption cipher and provides Tor links to its ransom-paying site.
The Petya+ Ransomware's author has put limited effort into imitating any of the other features related to traditional encryption attacks and doesn't provide renaming or extension-appending functions. Accordingly, users should be able to open and continue using their files without difficulty.
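One way to test a ransom screen's encryption claim against the files themselves, as an added example that is not part of the original article or any vendor tool: it checks that file headers still match their extensions and that plain-text files have not turned into high-entropy data. The extension lists, the 6.5 bits/byte cut-off and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Well-known leading signatures for a few common file types.
MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n",
         ".jpg": b"\xff\xd8\xff", ".docx": b"PK\x03\x04", ".zip": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log"}
ENTROPY_LIMIT = 6.5  # assumed cut-off in bits/byte; ciphertext sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'intact', 'suspect' or 'unknown' for one file."""
    ext = os.path.splitext(path)[1].lower()
    try:
        with open(path, "rb") as fh:
            head = fh.read(sample_size)
    except OSError:
        return "unknown"  # unreadable: needs a manual look
    if ext in MAGIC:  # compressed formats are high-entropy anyway, so check the header
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXTS:  # plain text stays far below ciphertext entropy
        return "intact" if shannon_entropy(head) < ENTROPY_LIMIT else "suspect"
    return "unknown"

def triage(root: str) -> dict:
    """Walk root and count files per verdict."""
    counts = {"intact": 0, "suspect": 0, "unknown": 0}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            counts[classify(os.path.join(dirpath, name))] += 1
    return counts

def demo() -> dict:
    """Constructed samples: two intact files, one filled with uniform bytes."""
    samples = {"report.pdf": b"%PDF-1.4\n", "notes.txt": b"quarterly notes\n" * 200,
               "photo.jpg": bytes(range(256)) * 16}  # last one stands in for ciphertext
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return triage(d)
```

Run `triage()` from a clean boot or recovery environment against a copy of the user profile; a result with no `suspect` files is consistent with a screen-only fake such as the one described here.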
The Cost of Failing to Tell Appearance from Reality in Threatening Software
The look of a Trojan isn't always a reliable clue to how it's trying to attack your PC, as fake variants of established families, like the Petya+ Ransomware, demonstrate well. Many of the ransom-collecting methods favored by con artists avoid the standard protections, such as refund policies, that come with traditional currencies and transactions. Since the Petya+ Ransomware has no current ability to damage your local files, the only thing paying its ransom accomplishes is rewarding its threat actor for doing almost nothing.
The distribution methods used by the Petya+ Ransomware are still under analysis. For comprehensive protection, malware experts recommend scanning unusual e-mail attachments with appropriate security products, using security features that block drive-by-downloads from corrupted Web addresses, and scheduling rotations of complex, unique passwords. Since this Trojan's attack features are limited, only a few anti-malware solutions are currently capable of accurately identifying and removing the Petya+ Ransomware.
As usual, one con artist can do a great deal of the legwork of publicizing a Trojan, while countless others take advantage of it. For users without backups, there are always problems with assuming a Trojan like the Petya+ Ransomware is honest, with the cost measured both financially and in their peace of mind.