ALERT! Worse than Ransomware, It’s a Wiper

Updated 06/10/2017


The recent Petya virus, which has affected over 65 countries so far, is not ransomware but a Wiper. The ransomware note that popped up on infected computers was a red herring meant to fool the media, allowing the hackers to control the narrative by capitalizing on last month's WannaCry outbreak.

According to Matt Suiche, founder of CloudVolumes (now VMware, a Consilien partner), "The goal of a wiper is to destroy and damage. The goal of a ransomware is to make money. Different intent. Different motive. Different narrative...a wiper simply destroys and excludes possibilities of restoration." [citation]

In short, it breaks hard drives.

At first, researchers thought it was an updated version of the 2016 Petya ransomware virus. However, there were clues that belied this initial assumption: mainly, the "ransomers" made it very difficult for people to pay the ransom, and the hack was primarily focused on Ukraine, compromising crucial infrastructure, including the central bank, airport, metro transport, and the Chernobyl power plant. [citation]

According to Microsoft, the infection spread to 64 countries, including the United States, and was traced back to a Ukrainian company's tax accounting software [citation].

Like the WannaCry ransomware attack that affected 150 countries in May, Petya exploits similar vulnerabilities in unpatched software, then worms its way through computer networks, gathering passwords and credentials and spreading itself.

Even if you've updated some of your patches, the Petya virus can still find its way into protected machines if one computer is left unpatched. An IT worker in Scotland thought his company had all their patches up to date, but they still had a massive infection: "So far we've lost many servers and clients, as you can imagine it's carnage." [citation]

If you're a Consilien IC/24 Managed Services client OR if you have our backup and business continuity services, you're covered.

If you're not a Consilien client, then here's what you need to do now:

1. Patch all of your PCs.

2. Have current and validated backups.

3. Educate your users to always be skeptical of email attachments.

4. Have policies in place that prevent users from visiting suspicious websites.

It's time to Rethink Infrastructure Technology.

P.S. Bulletproof your backup with Consilien's network and data security and business continuity services.  Email us at or call 866.680.3388