Upon further investigation of Petya, researchers have discovered that it is NOT in fact ransomware but something much worse: wiper malware.
At first glance the cyber world labeled it as ransomware, since it encrypted files and demanded a ransom of 300 bitcoins. 300 bitcoins, for those of you who don’t know, is a lot of money; $763,284 US Dollars to be exact. But the difference between ransomware and this kind of malware is that victims who have paid the ransom don’t get their files back.
Paying the Ransom Won't Get Your Files Back
Even if you pay the incredible ransom, you’re not getting a decryption key for your files. Why? Well, two reasons: 1) the domain that had been associated with paying the ransom has been disabled, and 2) Petya is not ransomware, but a wiper malware instead.
"A Data Wiper Disguised as Ransomware"
Petya disguised itself to look like ransomware, but instead of receiving a key and everything being okay, victims who pay the ransom find that there is no such key. Experts have said that Petya is actually something called a disk wiper: it locks the files and then throws away the key.
"Little Hope for Victims to Recover Their Data"
Kaspersky researchers have said that their “analysis indicates there is little hope for victims to recover their data” and that they’ve “figured out that after disk encryption, the threat actor could not decrypt victims’ disks.”
Other researchers further explained that Petya makes it nearly impossible to recover files because of the odd way it functions. It does permanent damage to the Master File Table (MFT), which controls the location of all files on a system. Once the MFT is permanently encrypted, you can kiss all hope of being reunited with your files goodbye.
Petya is Preventable
So as not to leave a bitter taste in your mouth: you can protect yourself from being infected by making sure your machines are up to date and have all appropriate patches installed. And as always, be mindful of suspicious links and files in emails. STOP! THINK! DELETE!