{"id":49758,"date":"2017-06-28T13:02:11","date_gmt":"2017-06-28T07:32:11","guid":{"rendered":"https:\/\/www.vskills.in\/certification\/blog\/?p=49758"},"modified":"2024-04-03T13:24:31","modified_gmt":"2024-04-03T07:54:31","slug":"petwrap-ransomware-analysis","status":"publish","type":"post","link":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/","title":{"rendered":"Petwrap Ransomware Analysis"},"content":{"rendered":"<p><a ref=\"magnificPopup\" href=\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/petwrap-ransomware-analysis.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-49760 size-full\" src=\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/petwrap-ransomware-analysis.jpg\" alt=\"Petwrap Ransomware Analysis\" width=\"308\" height=\"225\" srcset=\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/petwrap-ransomware-analysis.jpg 308w, https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/petwrap-ransomware-analysis-300x219.jpg 300w\" sizes=\"auto, (max-width: 308px) 100vw, 308px\" \/><\/a><\/p>\n<h3>Petwrap Ransomware Analysis<\/h3>\n<p>Petwrap ransomware or Petya\/NotPetya, is the recent new ransomware affecting computer networks.<\/p>\n<p>On the morning of June 27, 2017, a new ransomware outbreak\u2014similar to the recent WannaCry malware\u2014was discovered in the Ukraine. The malware quickly spread across Europe, affecting varied industries such as banks, government, retail, and power, among others.<\/p>\n<p>Although at first, it seemed that the ransomware was a variant of the Petya family, researchers have determined that they are not related, and have now named the malware \u201cNotPetya.\u201d This ransomware is potentially more devastating than WannaCry, as it does not require vulnerable, unpatched systems to spread on the local network.<\/p>\n<p><strong>Petya \/ NotPetya Tools, Techniques, and Procedures (TTPs)<\/strong><\/p>\n<p>After infection on the initial victim, NotPetya enumerates all saved SMB credentials on the system and uses these credentials to log onto other machines on the local network. Because the ransomware uses existing SMB credentials to connect to the systems, even patched Windows machines are subject to infection.<\/p>\n<p>NotPetya can infect additional network systems in one of two ways:<\/p>\n<ul>\n<li>Using the remote administration tool \u201cpsexec\u201d to execute the malware on the remote host<\/li>\n<li>Using the built-in Windows Management Instrumentation Command-line tool (WMIC)<\/li>\n<\/ul>\n<p>In the case of the first method, NotPetya attempts to write a copy of the Windows Sysinternals tool \u201cpsexec,\u201d which is embedded in its resource section, to %WinDir%\\dllhost.dat.<\/p>\n<p>The second method uses WMIC, which is included by default on Windows systems, and allows for connection to remote systems to perform administrative tasks. In the command above, the malware connects to the (IP address or hostname) using the and credentials, and executes the NotPetya DLL on the remote system.<\/p>\n<p><strong>Differences Between Petya \/ NotPetya and WannaCry Ransomware<\/strong><\/p>\n<p>Unlike WannaCry, this version of NotPetya does not require vulnerability to the EternalBlue SMB exploit in order to spread to other systems on a network. Successful infection of one host allows the ransomware to spread to any connected systems for which the infected system has SMB credentials. Therefore, patching the SMB vulnerability and disabling SMBv1 will not prevent the spread of the malware as in WannaCry.<\/p>\n<p style=\"text-align: right\">&#8211; LogRhythm<\/p>\n<p class=\"VSKILLbodytext\">Students or Professionals engaged in cyber security, can use the below links to be updated on Security related issues<\/p>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li class=\"VSKILLbodytext\"><a href=\"http:\/\/vskills.in\/certification\/tutorial\/legal\/cyber-security-certification\/\">Tutorials for Cyber Security<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type: none\">\n<ul>\n<li class=\"VSKILLbodytext\"><a href=\"http:\/\/www.vskills.in\/practice\/quiz\/cyber-security\">Practice Test on Cuber Security to assess your knowledge<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li class=\"VSKILLbodytext\"><a href=\"https:\/\/www.vskills.in\/certification\/security\/cyber-security-certification\">Certification Course on Cyber Security<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Petwrap Ransomware Analysis Petwrap ransomware or Petya\/NotPetya, is the recent new ransomware affecting computer networks. On the morning of June 27, 2017, a new ransomware outbreak\u2014similar to the recent WannaCry malware\u2014was discovered in the Ukraine. The malware quickly spread across Europe, affecting varied industries such as banks, government, retail, and power, among others. Although at&#8230;<\/p>\n","protected":false},"author":1,"featured_media":51575,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[1556],"tags":[919,6801,6802,6800,6803],"class_list":["post-49758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-cyber-security","tag-petwrap-ransomware","tag-petwrap-ransomware-analysis","tag-ransomware","tag-ransomware-analysis"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Petwrap Ransomware<\/title>\n<meta name=\"description\" content=\"An technical analysis of Petwrap ransomware, which has affected computer networks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Petwrap Ransomware\" \/>\n<meta property=\"og:description\" content=\"An technical analysis of Petwrap ransomware, which has affected computer networks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/\" \/>\n<meta property=\"og:site_name\" content=\"Vskills Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vskills.in\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-28T07:32:11+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-03T07:54:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"750\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"teamvskills\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"teamvskills\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/\",\"name\":\"Petwrap Ransomware\",\"isPartOf\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif\",\"datePublished\":\"2017-06-28T07:32:11+00:00\",\"dateModified\":\"2024-04-03T07:54:31+00:00\",\"author\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/db89ed45879ddc5d130a8aae4309d90a\"},\"description\":\"An technical analysis of Petwrap ransomware, which has affected computer networks.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage\",\"url\":\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif\",\"contentUrl\":\"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif\",\"width\":750,\"height\":400,\"caption\":\"Petwrap Ransomware Analysis\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.vskills.in\/certification\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Petwrap Ransomware Analysis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/#website\",\"url\":\"https:\/\/www.vskills.in\/certification\/blog\/\",\"name\":\"Vskills Blog\",\"description\":\"Vskills - A Initiative in Assessment to Enhance Employability\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.vskills.in\/certification\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/db89ed45879ddc5d130a8aae4309d90a\",\"name\":\"teamvskills\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b622f2772f7029565ef961f615b0727ed219929be1c95fa7aeda53560feec085?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b622f2772f7029565ef961f615b0727ed219929be1c95fa7aeda53560feec085?s=96&d=mm&r=g\",\"caption\":\"teamvskills\"},\"url\":\"https:\/\/www.vskills.in\/certification\/blog\/author\/teamvskills\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Petwrap Ransomware","description":"An technical analysis of Petwrap ransomware, which has affected computer networks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/","og_locale":"en_US","og_type":"article","og_title":"Petwrap Ransomware","og_description":"An technical analysis of Petwrap ransomware, which has affected computer networks.","og_url":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/","og_site_name":"Vskills Blog","article_publisher":"https:\/\/www.facebook.com\/vskills.in","article_published_time":"2017-06-28T07:32:11+00:00","article_modified_time":"2024-04-03T07:54:31+00:00","og_image":[{"width":750,"height":400,"url":"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif","type":"image\/gif"}],"author":"teamvskills","twitter_misc":{"Written by":"teamvskills","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/","url":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/","name":"Petwrap Ransomware","isPartOf":{"@id":"https:\/\/www.vskills.in\/certification\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif","datePublished":"2017-06-28T07:32:11+00:00","dateModified":"2024-04-03T07:54:31+00:00","author":{"@id":"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/db89ed45879ddc5d130a8aae4309d90a"},"description":"An technical analysis of Petwrap ransomware, which has affected computer networks.","breadcrumb":{"@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#primaryimage","url":"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif","contentUrl":"https:\/\/www.vskills.in\/certification\/blog\/wp-content\/uploads\/2017\/06\/16_Petwrap-Ransomware-Analysis.gif","width":750,"height":400,"caption":"Petwrap Ransomware Analysis"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vskills.in\/certification\/blog\/petwrap-ransomware-analysis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vskills.in\/certification\/blog\/"},{"@type":"ListItem","position":2,"name":"Petwrap Ransomware Analysis"}]},{"@type":"WebSite","@id":"https:\/\/www.vskills.in\/certification\/blog\/#website","url":"https:\/\/www.vskills.in\/certification\/blog\/","name":"Vskills Blog","description":"Vskills - A Initiative in Assessment to Enhance Employability","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vskills.in\/certification\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/db89ed45879ddc5d130a8aae4309d90a","name":"teamvskills","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b622f2772f7029565ef961f615b0727ed219929be1c95fa7aeda53560feec085?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b622f2772f7029565ef961f615b0727ed219929be1c95fa7aeda53560feec085?s=96&d=mm&r=g","caption":"teamvskills"},"url":"https:\/\/www.vskills.in\/certification\/blog\/author\/teamvskills\/"}]}},"_links":{"self":[{"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/posts\/49758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/comments?post=49758"}],"version-history":[{"count":6,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/posts\/49758\/revisions"}],"predecessor-version":[{"id":75623,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/posts\/49758\/revisions\/75623"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/media\/51575"}],"wp:attachment":[{"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/media?parent=49758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/categories?post=49758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/blog\/wp-json\/wp\/v2\/tags?post=49758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}