A new strain of ransomware has appeared in multiple countries. On June 27, 2017, Petya ransomware emerged and began spreading itself to large organizations across Europe. This ransomware uses the exploit known as EternalBlue against Windows computers. It is not impacting individual users at the time of this writing.
Infection Propagation:
Although people are calling this WannaCry v2 (or v3, depending on how much misinformation they have read), there are some significant differences. WannaCry spread entirely through the SMBv1 exploit nicknamed EternalBlue: each infected system would in turn scan for and infect other systems, which is why it spread so rapidly and exponentially. Had the WannaCry “kill switch” not been activated, or not existed at all, the attack would have continued to spread indefinitely across the entire internet. The current Petya attack is different in that the exploits it uses only spread across a local network rather than the internet (i.e. you are extremely unlikely to be infected if you’re not on the same network as someone who was already infected).
Everything we know about the massive cyber attack:
A massive cyberattack swept across systems worldwide last week, spanning Europe, the Middle East, and the United States and affecting a variety of companies, from banking institutions to airlines to hospitals. The breach comes just weeks after the WannaCry attack that hit at least 150 countries. Keep up with the latest news from the attack here as we uncover details about the outbreak.
How does the “Petya” ransomware work?
The ransomware takes over computers and demands $300, paid in Bitcoin. Once one computer is infected, the malicious software spreads rapidly across an organization, either through the EternalBlue exploit for a vulnerability in Microsoft Windows (Microsoft has released a patch, but not everyone will have installed it) or through two Windows administrative tools. The malware tries one option and, if it doesn’t work, tries the next one. “It has a better mechanism for spreading itself than WannaCry,” said Ryan Kalember, of cybersecurity company Proofpoint.
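Both sections above attribute the spread to the SMBv1 flaw that EternalBlue exploits, so a defender's first check on a Windows host is whether SMBv1 is still enabled. The following PowerShell is an added example, not code from the original post; it assumes an elevated session on Windows 10 or later, where the Get-SmbServerConfiguration cmdlet and the SMB1Protocol optional feature exist, and the function name Invoke-Smb1Audit is chosen here.

```powershell
# Added example (not from the original post): audit, and optionally disable,
# the SMBv1 server on this host. Assumes Windows 10 or later and an elevated
# PowerShell session. Disabling SMBv1 removes the protocol EternalBlue targets;
# it does not replace installing Microsoft's patch.
function Invoke-Smb1Audit {
    [CmdletBinding()]
    param([switch]$Remediate)

    # Server-side setting and the installable feature are tracked separately;
    # a host can have the feature installed while the server setting is off.
    $smb     = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol

    $status = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $smb.EnableSMB1Protocol
        Smb1FeatureState  = $feature.State
    }
    $status | Format-List

    if ($smb.EnableSMB1Protocol) {
        Write-Warning "SMBv1 server is enabled: this host is reachable over the SMBv1 path EternalBlue uses."
    }

    if ($Remediate) {
        # Turn the server setting off immediately, then remove the feature
        # (feature removal completes after a reboot).
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Output "SMBv1 server disabled; reboot to finish removing the SMB1Protocol feature."
    }

    return $status
}

Invoke-Smb1Audit              # audit only
# Invoke-Smb1Audit -Remediate # audit, then disable SMBv1
```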
Where did it start?
The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police. This explains why so many Ukrainian organizations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. A second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.
Thank you for your attention, and wait for my new posts and stories...