Petya ransomware and its ransomware-as-a-service (RaaS) offering have been terrifying online users for years. Now a new variant called PetrWrap has entered the picture, and it looks very closely related to Petya. The technical aspects of PetrWrap suggest that it was produced by the same group. In truth, this virus is made by a separate team that has taken advantage of Petya's structure. That being said, experts say that ransomware removal has never been more important than it is today.
How does this ransomware work?
The hackers managed to detach Petya's structure, using techniques unique to the variant so that its obvious similarities to Petya are hidden. The developers of PetrWrap have programmed their virus to behave in the same way as Petya up to the point where the files are to be encrypted. The detection process used by most cyber security specialists allows companies to detect a parasite and deal with it before it can cause damage. Users can delete the detected files, processes, and registry entries on their own or have a professional cyber security expert do so.
Almost anyone can become a hacker by registering with the Petya RaaS. Registered customers get access to the built-in ransomware, but they can only partially control it. The creators of Petya take a big share of the ransom that their customers manage to collect, a condition that customers would like to avoid. PetrWrap manages to use the Petya virus for its own purposes and avoids having to pay a large amount to the RaaS controllers.
PetrWrap does not begin its procedures as soon as its payload arrives on a computing device. The attackers take the time to become familiar with the system and only then pursue the attack (after about 2 hours of surfing). It could run in a similar way to Petya, but the cybercriminals who built PetrWrap did not intend to stick to the original version. They replaced the elliptic curve cryptography that Petya used with their own scheme. The tactics that the PetrWrap virus has selected are not very different, but the most important feature is that the encryption/decryption keys are placed in the hands of the PetrWrap creators.