New Petya Ransomware


Earlier today, we were made aware of another massive global ransomware epidemic following the WannaCry and XData/AES-NI outbreaks. If you have a default install of any modern ESET product, ESET would protect against this threat. Additionally, any ESET product with network detection would proactively protect against the SMB spreading mechanism (EternalBlue).

 

The ransomware appears to be a version of Petya. If it successfully infects the MBR, it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.

 

To spread, it appears to use a combination of the SMB exploit (EternalBlue) used by WannaCry to get inside the network and PsExec to spread within the network. This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks generated media headlines and, hopefully, most vulnerabilities have been patched. It only takes one unpatched computer for the malware to get inside the network, where it can gain administrator rights and spread to other computers.
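An added example (not from ESET or the original post): Python detection logic that flags the PsExec fan-out described above by counting hosts that log a PsExec service install (System log event 7045, default service name PSEXESVC) within a short window. The event records, host names, field names and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample records shaped like Windows System-log event 7045
# ("A service was installed in the system") gathered from several hosts.
EVENTS = [
    {"time": "2017-06-28T10:31:02", "host": "WS-014", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2017-06-28T10:31:40", "host": "WS-022", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2017-06-28T10:32:15", "host": "FS-01", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2017-06-28T10:33:05", "host": "WS-014", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2017-06-28T10:35:00", "host": "WS-030", "event_id": 7045,
     "service": "PrintHelper", "image": r"C:\Program Files\PH\ph.exe"},
    {"time": "2017-06-28T14:02:00", "host": "ADM-02", "event_id": 7045,
     "service": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
]

def is_psexec_install(ev):
    """True for a 7045 record carrying PsExec's default service name or image.
    A name match is one signal only: a renamed service will not match."""
    if ev["event_id"] != 7045:
        return False
    return (ev["service"].upper() == "PSEXESVC"
            or ev["image"].upper().endswith("PSEXESVC.EXE"))

def psexec_fanout(events, window=timedelta(minutes=10), min_hosts=3):
    """Report bursts where >= min_hosts distinct hosts install the PsExec
    service within `window` of the first install in the burst."""
    hits = sorted((datetime.fromisoformat(e["time"]), e["host"])
                  for e in events if is_psexec_install(e))
    bursts, i = [], 0
    while i < len(hits):
        start, j = hits[i][0], i
        while j < len(hits) and hits[j][0] - start <= window:
            j += 1
        hosts = sorted({h for _, h in hits[i:j]})
        if len(hosts) >= min_hosts:
            bursts.append({"start": start.isoformat(), "hosts": hosts})
            i = j  # continue after the reported burst
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    for burst in psexec_fanout(EVENTS):
        print(burst["start"], ", ".join(burst["hosts"]))
```

A single PsExec install, such as the constructed ADM-02 record, stays below the threshold, so routine administrative use is not reported as a burst.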

 

The outbreak appears to have started in Ukraine – Patient Zero – more details to come… (We have published a blog on our security news site, Welivesecurity.com, where additional information about this attack can be found. For our customers, we also have a Customer Advisory here, and Knowledgebase article here.)

 

Please feel free to contact support@esetng.com for more information.

Thank you.

  • On June 28, 2017