What’s interesting to note about Petya is that the Master Boot Record cannot be modified if the threat is executed as a normal user. This, however, doesn’t stop Petya from attempting to spread across your network.

File encryption

Petya performs files encryption in two ways: After Petya has spread to other computers, it initiates user-mode encryption of files with specific extensions. This happens because the infection process includes the installation of a custom simulator that hides what’s happening from the user. This is the first of the two-step encryption process.

With a user’s files now quietly encrypted, Petya then begins the second encryption step: full disk encryption. Here is a list of the file types that Petya searches for and encrypts: .3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h. hdd .kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip

How much damage has Petya inflicted

While Petya makes a ransom request of $300, it hit many large organisation across Europe, costing them what is estimated to be millions in damages. Shipping giant Maesk, British advertising agency WPP, Russian oil giant Rosneft, Ukraine government departments and also several ATM machines in the country were infected.


Petya came just weeks after Wannacry took the world ransom. While there’s no way to know when threats like these will surface, protecting against them is something that every computer user can do. Our advice: keep your computer updated with the latest security patches and antivirus software.


Submit a Comment

Your email address will not be published. Required fields are marked *

Share This