Earlier today, we were made aware another massive global ransomware epidemic following the WannaCry and XData/AES-NI outbreaks. If you have a default install of any modern ESET product, ESET would protect against this threat. Additionally, any ESET product with network detection would protect from the SMB spreading mechanism – EternalBlue proactively.
The ransomware appears to be a version of Petya. If it successfully infects the MBR, it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.
For spreading, it appears to be using a combination of the SMB exploit (EternalBlue) used by WannaCry for getting inside the network, then spreading through PsExec for spreading within the network. This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and hopefully most vulnerabilities have been patched. It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.
The outbreak appears to have started in Ukraine – Patient Zero – more details to come…”(We have published a blog on our security news site, Welivesecurity.com, where additional information about this attack can be found. For our customers, we also have a Customer Advisory here, and Knowledgebase article here.)”
Please feel free to contact firstname.lastname@example.org for more information.
- On June 28, 2017
- 1 Comments