What Petya/NotPetya Ransomware Is and What Its Remidiations Are

Abstract

Ransomware attacks have been growing worldwide since they appeared around 2012. The idea of ransomware attacks is, encrypting and locking the files on a computer until the ransom is paid. These attacks usually enter the system by using Trojans, which has malicious programs that run a payload that encrypts and locks the files. The basic goal of this type of attack is getting money, so hackers usually unlock the files when they receive the money, but really there is no guarantee of that. Ransomware attacks have various versions such as Reveton, CryptoWall, WannaCry, and Petya. The Petya attack is the attack that this paper discusses, especially the most recent version of it, which is referred as NotPetya. This paper defines the NotPetya attack, explains how it works, and where and how it spreads. Also, this paper discusses four solutions available to recover after a system infected by the NotPetya attack and propose the best solution depending on intense research about the recovering solutions of this attack.