Cybersecurity researchers have been racing to analyze the new ransomware that struck Tuesday, first hitting Ukraine in an avalanche of attacks before spreading to companies around the world.
The malicious software has been identified as a modified version of a previously known ransomware, called Petya or Petrwrap, but which has been substantially altered, prompting a debate among researchers over whether it represents new malware.
Here’s what we know:
How the malware works
The malware works by encrypting a computer’s hard disk, locking users out and then posting a ransom demand telling them to pay $300 to a bitcoin account to unblock it.
At face value, it seems to resemble WannaCry, the ransomware that locked out hundreds of thousands of computers in May but researchers have already noted some crucial differences.
A key difference so far has been that unlike WannaCry, researchers have not been able to find a so-called kill switch that shuts down this malicious code globally. But researchers believe they have found a temporary means of disabling the malware on individual computers.
One U.S. cybersecurity researcher, Amit Serper of Boston-based Cybereason, Tuesday night identified the fix and other researchers have since termed it a potential “vaccine” or “localized kill switch” for the malware. By changing a single file name, Serper found users can trick the malware into shutting down on their individual computers.
Serper’s method has been confirmed by several other firms but he has warned that it is only a temporary fix because large-scale attacks normally occur in several waves and hackers may easily change the file names again, making the “vaccine” ineffective against the malware, which is technically a “worm” and not a virus because it is self-propagating.
Understanding the nature of the malware
Analysts are also still debating the nature of the malware. Petya was already known to cyberresearchers from 2016. But some believe…