Yesterday’s ransomware epidemic, following WannaCry, was a variant of Petya upgraded to utilise the EternalBlue exploit stolen from the NSA and released by the Shadow Brokers hacking group. This variant not only encrypts your files but also encrypts the file table, locking you out of Windows.
Although targets originally appeared in Ukraine (impacting Chernobyl’s radiation monitoring system, power plants, banking services and transport companies), this latest cyberattack has quickly spanned the globe, including reports of British advertiser WPP and DLA Piper law firm being affected.
How this ransomware was able to spread and infect so many, given the coverage from WannaCry, is still a surprise and could be an issue for IT managers who had yet to patch their systems.
The patch (MS17-010) blocking the EternalBlue exploit used in this attack was released back in March for Windows Vista, 8 & 10, and Microsoft took the unprecedented step of patching the unsupported XP following WannaCry.
Once a PC is infected, the updated Petya ransomware reboots it to show what looks like a ‘chkdsk’ process but is actually encrypting the files on your hard drive. Once all your files are encrypted, the PC will then display a DOS-like ransomware screen with the increasingly familiar “Ooops, your important files are encrypted” message.
The ransom is set at $300 worth of Bitcoin, and you must email confirmation of payment to the hacker. However, the hacker’s email address has been disabled by the provider, making it impossible to receive the decryption key to unlock files.
To protect against current threats and future cyber attacks using new vulnerabilities and unknown exploits, you need an Endpoint Detection and Response solution such as Adaptive Defense 360. Try it now: http://www.pandasecurity.com/
Initial technical information from PandaLabs is attached.