author photo
By SecureWorld News Team
Wed | Mar 15, 2017 | 5:18 AM PDT

The Trojan uses its own encryption key to bypass its creators. 

Computer World explains:

In a case of no honor among thieves, a group of attackers has found a way to hijack the Petya ransomware and use it in targeted attacks against companies without the program creators' knowledge.

A computer Trojan dubbed PetrWrap, being used in attacks against enterprise networks, installs Petya on computers and then patches it on the fly to suit its needs, according to security researchers from antivirus vendor Kaspersky Lab.

The Trojan uses programmatic methods to trick Petya to use a different encryption key than the one its original creators have embedded inside its code. This ensures that only the PetrWrap attackers can restore the affected computers to their previous state.

The Trojan also removes all mentions of Petya from the ransom message, as well as its signature red skull designed in ASCII.

Comments