• Contrary opinion: PetyaWrap is buggy, poorly constructed ransomware

    Yesterday, I ran an article that says PetyaWrap (NyetPetya, Petya.2017, nPetya, pick your name) “was designed to make headlines, not to make money.” There’s convincing evidence for that conclusion, offered by highly regarded malware researchers.

    But there’s a second opinion which says, roughly, “PetyaWrap was (is) a buggy piece of real ransomware.” Vess Bontchev goes on to assert that it’s from an “idiot ransomware writer.”

    Rob Graham has an excellent exposé of that assertion in his Errata Security blog, NonPetya: no evidence it was a “smokescreen”:

    Certainly, things look suspicious. For one thing, it certainly targeted the Ukraine. For another thing, it made several mistakes that prevent them from ever decrypting drives. Their email account was shut down, and it corrupts the boot sector.

    But these things aren’t evidence, they are problems. They are things needing explanation, not things that support our preferred conspiracy theory.

    Three things I know for sure.

    First, it’s still a problem. According to Ian Thomson at The Reg, FedEx reportedly halted trading on the NYSE because its TNT subsidiary got infected – likely with PetyaWrap.

    Second, the antivirus companies are in hype overdrive mode, claiming this or that about their products and PetyaWrap. I don’t believe any of it.

    Third, the people who say “install all Windows patches right away to prevent PetyaWrap infections” don’t have a clue. The infection method for PetyaWrap is still unknown, and the subject of much conjecture. What we do know is that, if your Windows PC has all of the March patches installed, it won’t get infected by one method, but it may get infected by a different method. Having all of your Windows patches up to date won’t protect you, in spite of what the self-proclaimed “experts” say.

    As for the major network TV show that claimed you could improve protection against PetyaWrap by using strong passwords…. pffffffffffffffft.

    Welcome to the scary new world of Windows, folks.