Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

'Petya' cyber attack: What is this ransomware and is it more dangerous than WannaCry?

Systems are shutting themselves down and workers are being told to leave their desks

Andrew Griffin
Tuesday 27 June 2017 16:00 BST
An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank
An employee sits next to a payment terminal out of order at a branch of Ukraine's state-owned bank Oschadbank (Reuters)

A virus is spreading rapidly across the world, shutting down some of the world's biggest companies with apparently no way of stopping it.

It would be shocking if it didn't sound so much like the last crippling attack on the internet – Wannacry, which took down the NHS as well as a range of other huge companies just a couple of months ago.

And the two appear to have come from the same family. That will come as an extra to worry to IT professionals – in part because the disastrous effects of Wannacry were supposed to have been patched and fixed, and in part because when the virus originally spread it was only stopped by a stroke of luck.

This time around it seems to be a strain of malware known as Petya, which has been re-engineered into a specific version called Petrwrap. That malware is well-known – it has been written about at length by IT professionals, even before the rise of Wannacry – but many antiviruses and patches are still not able to defend against it.

Likewise, some cyber security firms including Symantec have said that the hack makes use of the EternalBlue exploit – the exact thing that let Wannacry manage to worm itself into people's computers. That has been patched by Microsoft – it takes advantage of a vulnerability in part of Windows – but that patch must be applied by the owners of devices, which often aren't updated and sometimes can't be.

Petrwrap is ransomware, and is presenting itself as such to those people who are infected: when a computer or system goes down, it shows a screen telling people to pay a bitcoin ransom if they want to get their files back. As The Independent wrote in its guide to ransomware the first time around, this sort of malicious software exists primarily if not solely to make money – even if it mostly does a bad job of it, since most people have backups and don't pay.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in