Tuesday, June 27, 2017

Petya Ransomware Spreading Rapidly Worldwide, Just Like WannaCry


Watch out, readers! It is ransomware, another WannaCry, another widespread attack.

The WannaCry ransomware is not dead yet, and another large-scale ransomware attack is causing chaos worldwide, shutting down computers at corporations, power suppliers and banks across Russia, Ukraine, India, and Europe and demanding $300 in bitcoins.

According to multiple sources, a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours.

Petya is a nasty piece of ransomware and works very differently from other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one.

Instead, Petya reboots victims' computers, encrypts the hard drive's master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.

Petya replaces the computer's MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.

Affected Power Companies:

Petya ransomware has already infected Russian state-owned oil giant Rosneft and Ukrainian state power distributors "Kyivenergo" and "Ukrenergo" in the last few hours.

"We were attacked. Two hours ago, we had to turn off all our computers. We are waiting for permission from Ukraine’s Security Service (SBU) to switch them back on," Kyivenergo's press service said.

Affected Banks and Financial Institutions:

There are reports from several banks, including the National Bank of Ukraine (NBU) and Oschadbank, as well as other companies, that they have been hit by the Petya ransomware attacks.

Affected Businesses:

Maersk, an international logistics company, has also confirmed on Twitter that the latest Petya attacks have shut down its IT systems at multiple locations and business units.

The ransomware has also impacted multiple workstations at the Ukrainian branch of mining company Evraz.

Affected Telecommunication Industry:

Three Ukrainian telecommunication operators, Kyivstar, LifeCell and Ukrtelecom, have also been affected in the latest Petya attack.

How Is Petya Ransomware Spreading So Fast?

So far, the reason behind the sudden rapid spread of Petya has not been confirmed, but security researchers on Twitter are arguing that, like WannaCry, Petya is also exploiting SMBv1 and taking advantage of unpatched Windows machines.

Just three days ago, we reported on the latest WannaCry attacks that hit Honda Motor Company in Japan and around 55 speed and traffic light cameras in Australia.

Well, it is quite surprising that even after knowing about the WannaCry issue for quite a decent amount of time, big corporations and companies have not yet implemented proper security measures to defend against the threat.

What to do immediately? Go and apply those goddamn patches and disable the unsecured, 30-year-old SMBv1 file-sharing protocol on your Windows systems.



from The Hacker News http://ift.tt/2tSaXYP
