PetrWrap authors use stock version of Petya ransomware


The Petya ransomware strain was one of the most successful types of ransomware recently, not only encrypting the victims’ personal files using the advanced AES cryptographic algorithm, but also encrypting the computer’s entire hard drive by overwriting the master boot record. As a result, the victim’s PC was not even able to load the operating system. Like other ransomware families, Petya demands a Bitcoin payment from the victim in exchange for decryption keys.

The creators of a new type of ransomware named PetrWrap have cracked the original Petya code and are currently using it for new ransomware attacks. Researchers at security firm Kaspersky Lab believe that this cybercriminal group decided to steal ransomware code from a competing ransomware gang without paying any commissions.

The PetrWrap ransomware has been active since February 2017. This trojan uses its own cryptographic keys to encrypt victims’ files, rather than the keys that come with the original version of Petya ransomware. Furthermore, PetrWrap waits for an hour and a half after infiltration before attacking the victim’s computer.

“We are now seeing that threat actors are starting to devour each other. From our perspective, this is a sign of growing competition between ransomware gangs. Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organised they will be, and the less effective their malicious campaigns will be,” said Anton Ivanov, senior security researcher at Kaspersky Lab.

It should be noted that getting infected with PetrWrap ransomware may be very dangerous for a home user or a company. The cryptographic algorithm of this virus is very strong and there are currently no working decryption tools available for all forms of PetrWrap.

