MOSCOW, June 27. /TASS/. The encrypting virus Petya that attacked the computers of Russian oil major Rosneft on Tuesday has affected a large number of countries worldwide, Kaspersky Lab Global Research and Analysis Head Costin Raiu wrote on his Twitter account.
The new Petrwrap/Petya ransomware that emerged on June 18 this year "has a fake Microsoft digital signature appended," Raiu said.
InfoWatch Head Natalia Kaspersky told TASS that the encrypting virus emerged more than a year ago. It mainly spreads through phishing messages.
According to Natalia Kaspersky, the first variant of the virus Petya sought to obtain administrator privileges.
"If the administrator privileges were not obtained, it was powerless. That is why it united with some other extorting virus Misha, which had the administrator privileges. This was an improved version, a backup encrypting malware," she said.
According to the preliminary data of Group-IB, the virus has attacked about 80 organizations in Russia and Ukraine. The virus Petya blocks computers and prevents users from loading the operating system. The virus extorts a $300 ransom in bitcoins to resume operation and decrypt files. The large-scale virus attack on oil, telecoms and financial companies in Russia and Ukraine was registered at about 2:00 p.m. Moscow time.