Petya/NotPetya Ransomware Spreading via LAN

COMMENTS • 420

  • @zuccsucc9378
    @zuccsucc9378 7 years ago +1240

    no more epileptic flashing red lights and spoopy skull?
    im disappointed.

    • @digitaljokerman
      @digitaljokerman 7 years ago

      dde dde same

    • @andy56duky
      @andy56duky 7 years ago +33

      dde dde meanwhile, someone that has epilepsy (I don't have epilepsy) is actually thrilled.

    • @Root__314
      @Root__314 7 years ago +107

      Yeah, I just WannaCry

    • @dvsaleios
      @dvsaleios 7 years ago +35

      Budget cuts.

    • @Xipheria
      @Xipheria 7 years ago +4

      Samuel Awachie HELLO! YOU WANT ME?

  • @Tulip23232
    @Tulip23232 7 years ago +281

    This is genuinely terrifying.

    • @kuskus_th13
      @kuskus_th13 7 years ago +22

      Not as much as the skull version though

    • @Mrmoonman64
      @Mrmoonman64 4 years ago +2

      Indeed

  • @chaoticcranium
    @chaoticcranium 7 years ago +241

    Whoever wrote this version is not only a horrible criminal for grifting the innocent with malicious ransomware, but also for removing the badass flashing skull the original displayed.

    • @somerandomeditors
      @somerandomeditors 1 year ago

      probably removed to prevent people having seizures

    • @creatorglitch
      @creatorglitch 6 months ago +2

      it was probably because of epilepsy reasons and stuff, idk. it is still a malicious virus but i mean, if the person has an epileptic seizure then there will be no one to pay them

    • @LiEnby
      @LiEnby 24 days ago

      @creatorglitch look I encrypted your files but at least they're not gonna potentially kill anyone

  • @gdziejestnamo9160
    @gdziejestnamo9160 7 years ago +671

    Viruses in 1998: Hihihihi lets have fun and play a game
    Viruses in 2k17: Give money

    • @TheDopeyElephant
      @TheDopeyElephant 7 years ago +26

      oh no, it was worse back then, boo-live me.
      MEMZ.

    • @ninjastd7224
      @ninjastd7224 6 years ago +17

      2k17: giv mone and yu will beh foine

    • @AbsurdBartholomew
      @AbsurdBartholomew 6 years ago +17

      Hello you have are currently dieing computer currently. To fix your die computer that is die, please, go, donate 290$ dollar worthof Bitchcoin. Your file will be deletes in 30 an hour.

    • @GRBtutorials
      @GRBtutorials 5 years ago +3

      @TheDopeyElephant You can still recover from that with no data loss. The only ones that were worse were the ones which formatted the HDD.

    • @cherresoda
      @cherresoda 4 years ago

      trussive that’s it that’s the greatest thing i’ve ever read

  • @pcsecuritychannel
    @pcsecuritychannel 7 years ago +126

    Great demonstration. It must have taken some time to set all this up.

    • @Ballsinrealife
      @Ballsinrealife 7 years ago +4

      The PC Security Channel [TPSC] o hi dud im a big fan of ur stuff xd
      Also fuck spelling

    • @user-us6nh5qy8q
      @user-us6nh5qy8q 7 years ago +1

      You should do a collab with danooct

  • @stefaninafla
    @stefaninafla 4 years ago +37

    I somehow got infected with some sort of ransomware that was completely silent. It did not overwrite my MBR or MFT. It happened 8/26/18 and I finally noticed it sometime in December when I went to look for a picture. Thing is, I had done a full backup on 8/25 so I think I lost about four files total when I just wiped the machine entirely and reinstalled. To this day, I do not know which ransomware it was.

    • @LiEnby
      @LiEnby 24 days ago

      It will not be encrypted if you have secure boot (will refuse to boot to notpetya) or if you are using GPT/EFI for your OS instead of MBR

    • @VggX_YT77
      @VggX_YT77 15 days ago

      @LiEnby Secure boot is trash, when it's a ransomware it will encrypt some files that make Windows boot so it will be forced to boot into petya, and your files are gonna be encrypted anyways

  • @JovialEclipse
    @JovialEclipse 7 years ago +528

    You just Ran-Some-Wares!

  • @chm_mmx
    @chm_mmx 7 years ago +25

    Oh and I like that PC1 is the first to reboot and the last to have its MFT encrypted.

  • @xbotscythe
    @xbotscythe 7 years ago +43

    "Ooops! Your files have been encrypted" ~ WannaCry and NotPetya 2017
    WannaPetya or NotCry

    • @symbolcest
      @symbolcest 5 years ago +10

      if viruses were like shippable i would ship wannacry and petya so yay

  • @jpcreeper13
    @jpcreeper13 7 years ago +105

    If it's literally impossible to get your files back, then doesn't that sound like a classic computer virus in disguise as a modern piece of malware?

    • @Ambipie
      @Ambipie 3 years ago +4

      I think it is

  • @l3m0ngr455
    @l3m0ngr455 7 years ago +122

    "Please ensure your powercable is plugged in." Really?

  • @tamarat.9439
    @tamarat.9439 2 years ago +6

    I've been watching your videos like crazy lately. I am shocked I'm hooked because I have had bad computer viruses, Trojans, and worms in the past when I was obsessed with Sims 2 and would download CC, later not realizing some sites were not good. (I was younger at the time). I got the worst payloads but what ultimately happened was I got a virus that made bugs (like real bugs) crawl on the screen, all items were unusable, and then it wiped the computer. I have been kinda anxious with technology since. I used to be a CS major also (after my virus days lol) and I enjoy watching you alter the codes. Makes me wanna code again, been so long since I have tho. 😬

    • @tamarat.9439
      @tamarat.9439 2 years ago +1

      I was gonna ask, do you know what virus I am talking about?

  • @Unc3
    @Unc3 7 years ago +17

    i watch your videos before bed, your voice is so calming

  • @mr.celery4685
    @mr.celery4685 7 years ago +165

    Are there any viruses that don't harm the computer but instead inform about the danger of viruses?

    • @rennis4471
      @rennis4471 7 years ago +20

      Mr.Celery I've always wanted to make that...

    • @trewq_7224
      @trewq_7224 7 years ago +7

      they are called nematodes

    • @mr.celery4685
      @mr.celery4685 7 years ago +5

      Exotic Butters yeah I was also thinking something maybe like the memz virus but without harming your computer

    • @mr.celery4685
      @mr.celery4685 7 years ago +2

      Amy UNTOLD I don't necessarily mean to warn but one that doesn't harm anything and just erases itself

    • @Shadowmew55
      @Shadowmew55 7 years ago +2

      Just saying, malware derives from malicious software. But considering malicious probably derives from "mal," you're close enough, haha.

  • @ColorPrinter
    @ColorPrinter 7 years ago +73

    Your computer *might* be at risk.

  • @pvc988
    @pvc988 7 years ago +8

    What happens if you use FAT32 instead of NTFS? And what happens to unknown (from Windows' point of view) filesystem partitions (like ext)?

  • @dirtkiller23
    @dirtkiller23 7 years ago +138

    NotPetya...
    Fake name to disguise virus, nice try m8s!

  • @dum-dum
    @dum-dum 6 years ago +16

    "notpetya"
    SNEAK 100

  • @ciera5963
    @ciera5963 7 years ago +4

    Why am I still up? Great vid I loved it danooct1!

  • @n1fffan
    @n1fffan 7 years ago +4

    not as exciting as the last version, but we got 3 vids this week, so I can't complain too much.

  • @RNE69
    @RNE69 7 years ago +1

    @danooct1 Can you test whether placing an empty "perfc" file in C:\Windows\ is a killswitch for this petya?

  • @GTdba
    @GTdba 7 years ago +8

    I know this is not how it works, but I would love to see the reaction of the cyber criminals:
    "HA! Got another one, Yuri! This PC has...some pictures of what looks like a photocopy of a butt. What the Hell?!"

  • @puls3tech
    @puls3tech 2 years ago +2

    Viruses in 2004: Oh let’s put the computer in a restart loop!
    Viruses in 2022: GIVE ME FUCKING MONEY

  • @GHOST13500
    @GHOST13500 7 years ago

    u r one of the top 5 youtubers in my opinions never quit!

  • @ereince
    @ereince 6 years ago +10

    Many years ago, I had a cat.
    But in 2015 it just ransomware.

  • @TerrionProjects
    @TerrionProjects 4 years ago +5

    Looks safe to be used in a school!

  • @AarClay
    @AarClay 7 years ago +1

    3:23: Which song is this? It sounds familiar!

  • @vixspade
    @vixspade 6 years ago +2

    2:21 It knows it screwed up but still tryin' to hold on the cliff edge.

  • @aurathedraak7909
    @aurathedraak7909 7 years ago +29

    Thats so ransome!

  • @rumiyano
    @rumiyano 7 years ago

    Interesting. Was the 2016 variant of Petya/NotPetya made into the headlines? I don't recall.

  • @burrito64burrito64
    @burrito64burrito64 7 years ago +42

    Is this another piece of malware that escaped the NSA?

    • @beckerboy1225
      @beckerboy1225 7 years ago +26

      If it was from the NSA I imagine it wouldn't be so buggy. :-|

    • @thecodingethan
      @thecodingethan 7 years ago +28

      Uses exploits the NSA kept from Microsoft, which then got leaked publicly, and here's where we are now.

    • @budvarlager7027
      @budvarlager7027 7 years ago +25

      Fucking NSA

    • @TiredOfYoutube
      @TiredOfYoutube 7 years ago +12

      I find it funny that the NSA is all about security and then this shit happens with their tools.

    • @voidofspaceandtime4684
      @voidofspaceandtime4684 7 years ago +6

      The NSA isn't about security, it's surveillance.

  • @CZghost
    @CZghost 7 years ago

    What's that tune at the video end? :) It's from a known song, but I know neither its name nor the performer...

  • @arthurhenriqued.a.ribeiro2078
    @arthurhenriqued.a.ribeiro2078 6 years ago

    Was it also released by the creators of Wannacrypt? (Because of the "Ooops")

  • @spiritualhealinglife
    @spiritualhealinglife 1 year ago

    I genuinely miss the flashing red skull (or yellow/green, depending on what version of Petya you're running). It looked cool.

  • @migueloliveira179
    @migueloliveira179 6 years ago

    Great video! But I have one question? The files in the different machines are shared?

  • @yasaminwhy8212
    @yasaminwhy8212 7 years ago

    Was that Enola Gay in bleeps at the end there? Love it.
    Question for any kind souls, what the hell do I do with a Vista PC that hasn't been maintained/updated in years? I've just inherited it and been tasked with retrieving as much data as possible, but my grandparents didn't even have antivirus and I know they fell for at least one phishing email. Any tips on how to make sure a Vista system's clean much appreciated.

  • @killertrip10
    @killertrip10 6 years ago

    That chiptune Enola Gaye at the end was awesome! Did you make it yourself?

  • @ErFuyl
    @ErFuyl 2 years ago

    if i disable network discovery can i get infected by another computer?

  • @OGuiBlindao
    @OGuiBlindao 2 years ago +1

    How did you spread the ransomware to the vms but not ur pc?

    • @LiEnby
      @LiEnby 24 days ago

      His PC doesn’t run an outdated copy of Windows XP

  • @KeshaFilm
    @KeshaFilm 7 years ago

    So, now every new video will include the russian subs? Pretty interested.

  • @hydracrypt3544
    @hydracrypt3544 7 years ago

    I have stampa2, wannacry, petya and jigsaw ransom. Which one is strongest?

  • @JosephM101
    @JosephM101 1 year ago +1

    I love how at the beginning, the top left machine is saying it's at risk, but the other three are just bitching about the display resolution 😂

  • @FalcoMoment
    @FalcoMoment 7 years ago

    Love you Dan

  • @VJViktorVJ
    @VJViktorVJ 7 years ago

    Does Windows Firewall protect against this kind of spreading through network?

  • @zestymemelord1405
    @zestymemelord1405 7 years ago +16

    Don't we all WannaCry?

  • @TigerYoshiki
    @TigerYoshiki 7 years ago +2

    It spreads... it definitely went spreading on a day like June the 12th...

  • @markmendel9883
    @markmendel9883 7 years ago +1

    I think it's funny, the people most likely to actually fall for it would have absolutely no idea what a bitcoin is.

  • @eni4186
    @eni4186 4 years ago

    Just stupid question, if my PC is turned off, and I got a petya file on my tablet, can the petya spread to my PC?

  • @Emoanimegirl1000
    @Emoanimegirl1000 5 years ago

    I thought NotPetya was considered a type of Wiper malware? NotPetya wipes the BIOS similar to CIH because they don't encrypt the files, they corrupt them and it isn't possible to get your files back? ((Even if you did, the files would still be corrupted?))

  • @krys5261
    @krys5261 7 years ago

    You deserve more subscribers.

  • @alldatgamez1155
    @alldatgamez1155 2 years ago

    Hey danooct1, do you know if it can only spread within the same L2 domain, or is it possible for it to attack other computers on other networks? And do you know how it finds the other devices, does it just send out an ARP request to find as many devices on the network as possible and then attempt to infect said devices? Thanks in advance!

  • @bitelaserkhalif
    @bitelaserkhalif 7 years ago

    It uses same loophole with wcrypt, right?

  • @wilsontulus
    @wilsontulus 7 years ago +1

    danooct1 Please show a video about petya ransomware in an EFI VM, with Windows 10 inside it. I don't know whether Petya can encrypt a hard drive connected to a UEFI computer. Because my computer is a UEFI computer. I don't know whether my UEFI computer is safe.

    • @LiEnby
      @LiEnby 24 days ago

      I think you’d still get the file encryption but not the HDD encryption(?)

  • @KRcanondaisa
    @KRcanondaisa 7 years ago

    Could this spread through a Tunngle LAN network?

  • @paper2222
    @paper2222 7 years ago

    How did you have 4 computers in your computer?

  • @DogweIder
    @DogweIder 7 years ago

    Could this possibly be passed on through hamachi, because I use it a lot and I would hate to get this, and even worse, spread it to my friends, and them to theirs

  • @160rpm
    @160rpm 7 years ago

    Which OS's are actually vulnerable to this?

  • @joeyviscontr5256
    @joeyviscontr5256 7 years ago +1

    is there a test file that you can download for free this new random ware virus?

  • @marlilizard6682
    @marlilizard6682 7 years ago

    When will the q and a come out?

  • @davidepierpaoli8405
    @davidepierpaoli8405 7 years ago

    hi!
    please can you show us the malware Win32/Ramnit?
    thank you

  • @supremerevolutionist4420
    @supremerevolutionist4420 7 years ago

    Where did u download your isos PLZ REPLY

  • @Z9Lurker
    @Z9Lurker 7 years ago

    So, just a question if anyone in this comment section knows:
    This started in San Francisco, correct?
    It shouldn't be able to spread too far, because of networks that stop it and computers that block it.
    If that's true tell me, cuz im no scientist and i kinda like knowing my safety.

  • @JohnGarett
    @JohnGarett 7 years ago +31

    Damn Daniel, back at it again with a *ransomware*

  • @guynameddarget
    @guynameddarget 7 years ago

    How does this spread via LAN? Did you cover this or did I miss it?

    • @LiEnby
      @LiEnby 24 days ago

      NSA exploit and also tries to use same credentials as your pc to login to computers on a domain controller w psexec

  • @theEtch
    @theEtch 6 years ago

    Funnily enough, the bitcoin address mentioned doesn't appear when you type it into a block explorer. I tried blockchain.info. Can somebody try to find how many bitcoins this virus maker actually got?

  • @杨雪-g3f
    @杨雪-g3f 7 years ago

    Would you please tell me where do I can download the virus sample?

    • @ФедяФедя-ь9ъ
      @ФедяФедя-ь9ъ 2 years ago

      You can download it from the developer of this virus! I hope this information was useful to you? )))😎

  • @ThatKidEveryoneHates
    @ThatKidEveryoneHates 7 years ago

    Is this ransomware just impacting big companies or is it hitting individual PC users?

    • @ThatKidEveryoneHates
      @ThatKidEveryoneHates 7 years ago

      Hitting not impacting wtf where did that come from

    • @lobscotch8802
      @lobscotch8802 7 years ago +1

      By the looks of it, Petya/NotPetya specifically targeted big companies and businesses, although I'm sure some individual PCs got infected in the process.

  • @astradiayt
    @astradiayt 7 years ago

    Danooct1 It is Also Called PetrWrap. Hope This Helped!

  • @Ig0r37sI
    @Ig0r37sI 7 years ago +2

    Thanks for the video! ^^

  • @DCardoso
    @DCardoso 4 years ago +2

    Watching this gives me anxiety

  • @8055N-m4w
    @8055N-m4w 7 years ago

    why is it different than the previous one?

  • @JackSCTR
    @JackSCTR 7 years ago +3

    danooct1 Please help me!
    I was playing a game and suddenly that my screen turns black and at the bottom right corner it says that
    Window 7
    Build 7601
    This Copy of Window isn't Genuine
    It happens after I downloaded Red Alert 2?

    • @3V1L5H0073R
      @3V1L5H0073R 7 years ago +3

      you bloody pirate

    • @JackSCTR
      @JackSCTR 7 years ago

      Pirate the game or Pirate the Window?

    • @CallofBear
      @CallofBear 7 years ago +1

      Both lol it's going to annoy you a lot from now on, either get a crack program or switch to linux

    • @CallofBear
      @CallofBear 7 years ago

      Actually I just remembered you can probably still get a free upgrade to win10 on microsoft website, I don't know for sure through and I don't know if your version not being genuine will stop that

    • @spacekraken666
      @spacekraken666 7 years ago +7

      SOVIETS AЯE IИVADIИG YOUЯ PC

  • @kekkekkek1
    @kekkekkek1 7 years ago

    > Did you know? The Spawn Mason launched Petya.

  • @s17sgaz99
    @s17sgaz99 1 year ago

    My school when that one kid plugs a usb into the server :

  • @BigOlSmellyFlashlight
    @BigOlSmellyFlashlight 7 years ago

    So glad my internet's been shut off

  • @tuckerbuxton2373
    @tuckerbuxton2373 7 years ago

    ily dan

  • @lnzrxx2785
    @lnzrxx2785 3 years ago

    How many pcs did you destroy

  • @LuizFernandoSC
    @LuizFernandoSC 7 years ago

    Im starting to miss the old good trojans...

  • @KeksamPC
    @KeksamPC 7 years ago +23

    I don't get why everyone's saying it were impossible to recover files because the e-mail address got deleted. It is impossible, but even if the files weren't also corrupted, don't we all know you should never pay the ransom in hopes of getting out of it? Why should the developers give a shit if you get the key and your files or not, they're criminals anyway

    • @KeksamPC
      @KeksamPC 7 years ago +15

      Well that is also kinda the point of not paying the ransom, if nobody does, ransomware gets pointless. I was always told you had literally no guarantee of getting a key and you're only giving them a business if you do pay. But yeah, you have a point.

    • @burrito64burrito64
      @burrito64burrito64 7 years ago +7

      You also made a good point, if no one pays the ransom it becomes pointless. Which is why I applauded them for shutting down the email address so no one could pay it.

    • @clem5858
      @clem5858 7 years ago +6

      But the fact is, sometimes the ransom is worth paying if the data is important enough. Therefore, to make ransomware pointless you would have to render literally EVERY PIECE OF INFORMATION ON EARTH useless. Since this task is impossible, ransomware will keep existing.

    • @KeksamPC
      @KeksamPC 7 years ago +4

      clem5858 Yeah, true. There is although one simple solution that literally everyone can easily do: backups on an external drive. Would make ransomware completely useless and likely make it go 'extinct'.

    • @bshenlow882
      @bshenlow882 7 years ago +1

      from what I know people are still paying even though that e-mail is dead...

  • @VeryScaryLarry2024
    @VeryScaryLarry2024 7 years ago

    very good... and when you think how many people still use XP..

  • @acura187
    @acura187 7 years ago

    Found a way to prevent file encryption by Petya extortionist
    Prevent execution of malicious code by creating a perfc file in the C:\Windows folder. It does not allow you to disable the malware, as in the case of WannaCry, since each user must configure the correct file on his computer and thereby stop the spread of the infection. To do this, you must create a file "perfc" in the C:\Windows folder that is read-only
    sorry for Google translate
    please check it

  • @traso56
    @traso56 7 years ago

    so you are reviewing ransomware too? where is rogueamp? :(

    • @MLWJ1993
      @MLWJ1993 7 years ago

      Truth is, this isn't much of ransomware, it might seem like it at first glance, but it seems to be more of a destroy as much data as we can with this attempt (and it succeeded).

  • @shepardpower
    @shepardpower 7 years ago

    What happens when (Not)Petra meets WannaCry?

  • @iron4905
    @iron4905 7 years ago +1

    Honestly, if you were to every time leave your computer. I would turn off my connection to my networks and shutdown, so if any of my family got the or a ransomware I would be alerted ahead.
    Other than that I'm blank.

  • @AlessGoss
    @AlessGoss 3 years ago

    I would be much scared if this happens on my physical network...

  • @baroneimen3248
    @baroneimen3248 7 years ago

    I wonder how you could pay if all machines that runs windows get infected....

    • @MLWJ1993
      @MLWJ1993 7 years ago

      Exactly, that's why it seems to be more for destruction and not for actual profit.

  • @AngelCastillo029
    @AngelCastillo029 2 years ago

    How do you did this?

  • @kaliniarzxd8306
    @kaliniarzxd8306 7 years ago

    Oooops! I am crying now.

  • @comediccomedians8613
    @comediccomedians8613 3 years ago

    Wait, how does he get all these PC's for the viruses?

    • @nkcu
      @nkcu 1 year ago

      He is using a virtual machine, such as VMware or VirtualBox which basically emulate a computer, except they can be created and disposed. Danooct likely made 4 virtual machines and installed the virus on one of them to have it spread. They are not actual computers, but function identically to a real system. The purpose is mainly to avoid doing this on a real computer so he doesn't actually destroy his PC

  • @MaliceLunarGhost
    @MaliceLunarGhost 7 years ago

    so does that mean the files are no longer recoverable if they're corrupted instead of encrypted?! well they are no longer recoverable either way because the email was shutdown

    • @SteelT
      @SteelT 7 years ago +4

      BrodieLOL789 As if they would give you a key to recover your files if you paid

    • @beckerboy1225
      @beckerboy1225 7 years ago +2

      Yeah, something tells me the people who write ransomware viruses aren't exactly concerned with customer service. What incentive do they have to help you once you are infected and already paid up?

  • @KudaKeileon
    @KudaKeileon 3 years ago

    "Your computer might be at risk"

  • @Cryos59
    @Cryos59 7 years ago

    "Hope you enjoyed seeing it spread"
    Not to use in any context x)

  • @phonyfelony3935
    @phonyfelony3935 7 years ago

    What happens if you run 500 viruses on a machine?

    • @thecodingethan
      @thecodingethan 7 years ago

      It's Windows, what do you expect.
      But classic viruses or something similar with a cool payload would be interesting, maybe not 500 of them though.

  • @davoid-
    @davoid- 7 years ago

    So how can i not get infected?

  • @InessaMaximova
    @InessaMaximova 4 years ago

    Can I say that I liked that 8-bit Enola Gay?
    Edit: I forgot I made this comment.

  • @RafEsqruevel2014
    @RafEsqruevel2014 7 years ago

    i remember why my laptop is not connect to the internet

  • @Meowzors
    @Meowzors 7 years ago

    It took me a while to realize that the ending tune was enola gay

  • @riversideee_
    @riversideee_ 7 years ago

    They talked about this virus on the radio today :0

  • @Lol-vy5wm
    @Lol-vy5wm 7 years ago +1

    this is *wiper*

  • @kieszer
    @kieszer 7 years ago

    who made this malware ?

    • @Icewallowcome012
      @Icewallowcome012 7 years ago

      Møvìes Śceñes you think the guy who made it would just reveal himself?