Exploring the WannaCry and Petya Cyber Attacks
The WannaCry and Petya ransomware attacks have had a massive impact globally. The attacks hit in May and June, respectively, causing devastation at many of the world’s largest companies, including advertising firm WPP and pharmaceutical company Merck & Co. in the U.S., consumer goods company Reckitt Benckiser in England and DLA Piper, a multinational law firm. Meanwhile, mystery concerning the perpetrators and operation of the malware outbreaks remains. Nonetheless, the scale of the cyberattacks has driven many companies to learn more about the technicalities of the attacks as well as how they can protect their networks in the future.
WannaCry and Petya by the Numbers
WannaCry
- 5.12.17 – The day the attack began
- $300 – The payment required for users to restore their files after they’d been infected by WannaCry
- 300,000 – The approximate number of computers infected by the ransomware
- 150 – The number of countries impacted by the attack
- 22 – The age of the web security researcher who discovered the effective kill switch
Petya
- 6.27.17 – The day the attack began
- $300 – The payment required for users to restore their files after they’d been infected by Petya
- 12,500 – The approximate number of computers infected by the ransomware
- 65 – The number of countries impacted by the attack
- $10,000+ – The amount of virtual currency raised by the Petya hackers
- 0 – The number of kill switches discovered for the malware
Comparing WannaCry and Petya
Despite sharing similarities, including both being mislabeled as ransomware variants initially, WannaCry and Petya have some core differences that are essential to understanding their operation and mitigating their threat. Perhaps the biggest and, in some cases, most surprising difference between the two forms of malware is that Petya is not ransomware — it’s wiper malware. This makes it far more destructive than its true ransomware counterpart, WannaCry. Here’s why:
Businesses are more vulnerable
- Petya included the dangerous EternalBlue and EternalRomance vulnerabilities which could not be mitigated by Windows patching through MS 17-100.
C2 connections are unnecessary
- Unlike WannaCry, which required connection to the attacker’s Command and Control server (C2) to successfully execute, Petya did not.
Potential devastation is greater
- While the motive behind the WannaCry attack was financial gain, the Petya attack was far more insidious. The encryption characteristics of Petya suggest the intent was wide-scale system destruction in order to disrupt business and governmental operations.
The aftermath of these two history-making malware attacks is still unfolding. As more details come to light about the sources and operations of each cyberattack, companies and IT teams have a tremendous opportunity to ready their networks for future threats — or dangerous reoccurrences of WannaCry and Petya. Preparation starts with the right proactive insight.
About Blair Felter
As the Growth Marketing Manager at vXchnge, Blair is responsible for managing every aspect of the growth marketing objective and inbound strategy to grow the brand. Her passion is to find the topics that generate the most conversations. If you have a topic idea, feel free to reach out to Blair through her social platforms.