EternalPetya – yet another stolen piece in the package?

Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is another step in Petya’s evolution. However, those were just different opinions and …

EternalPetya and the lost Salsa20 key

We have recently been facing a huge outbreak of the new version of Petya-like malware armed with an infector in WannaCry-style. The research is still in progress, and the full report will be published soon. In this post we will focus on some new important aspects that the current malware has. The low level attack works in …

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was …