Exploring the WannaCry and Petya Cyber Attacks

The WannaCry and Petya ransomware attacks have had a massive impact globally. The attacks hit in May and June, respectively, causing devastation at many of the world’s largest companies, including advertising firm WPP and pharmaceutical company Merck & Co. in the U.S., consumer goods company Reckitt Benckiser in England and DLA Piper, a multinational law firm. Meanwhile, mystery concerning the perpetrators and operation of the malware outbreaks remains. Nonetheless, the scale of the cyberattacks has driven many companies to learn more about the technicalities of the attacks as well as how they can protect their networks in the future.

What are WannaCry and Petya?

Get the details here

WannaCry and Petya by the Numbers

WannaCry

• 5.12.17 – The day the attack began
• $300 – The payment required for users to restore their files after they’d been infected by WannaCry
• 300,000 – The approximate number of computers infected by the ransomware
• 150 – The number of countries impacted by the attack
• 22 – The age of the web security researcher who discovered the effective kill switch

Petya

• 6.27.17 – The day the attack began
• $300 – The payment required for users to restore their files after they’d been infected by Petya
• 12,500 – The approximate number of computers infected by the ransomware
• 65 – The number of countries impacted by the attack
• $10,000 + – The amount of virtual currency raised by the Petya hackers
• 0 – The number of kill switches discovered for the malware

Comparing WannaCry and Petya

Despite sharing similarities, including both being mislabeled as ransomware variants initially, WannaCry and Petya have some core differences that are essential to understanding their operation and mitigating their threat. Perhaps the biggest and, in some cases, most surprising difference between the two forms of malware is that Petya is not ransomware — it’s wiper malware. This makes it far more destructive than its true ransomware counterpart, WannaCry. Here’s why:

Businesses are more vulnerable

• Petya included the dangerous EternalBlue and EternalRomance vulnerabilities which could not be mitigated by Windows patching through MS 17-100.

C2 connections are unnecessary

• Unlike WannaCry, which required connection to the attacker’s Command and Control server (C2) to successfully execute, Petya did not.

Potential devastation is greater

• While the motive behind the WannaCry attack was financial gain, the Petya attack was far more insidious. The encryption characteristics of Petya suggest the intent was wide-scale system destruction in order to disrupt business and governmental operations.

The aftermath of these two history-making malware attacks is still unfolding. As more details come to light about the sources and operations of each cyberattack, companies and IT teams have a tremendous opportunity to ready their networks for future threats — or dangerous reoccurrences of WannaCry and Petya. Preparation starts with the right proactive insight.

Check out our malware FAQ sheet now to learn best practices for preventing the next global cyberattack.

Sources:

• How Similar Are WannaCry and Petya Ransomware? – Forbes
• @petya_payments – Twitter
• ‘Petya’ Ransomware Hits at Least 65 Countries; Microsoft Traces It to Tax Software – NPR.org
• ‘Petya’ Ransomware Attack Strikes Companies Across Europe and US – The Guardian