Spreading from east to west like the rising sun, the Petya ransomware attack began on 27 June in Ukraine and Russia and has continued across Europe and into Asia and the Americas. Although those behind the attacked are demanding the same ransom amount from victims, 300 bitcoin, as May’s WannaCrypt attack, Petya is a different form of ransomware.
Naked Security’s Paul Ducklin says that “instead of scrambling your data files and leaving the rest of your computer running just fine, Petya leaves all your data intact, but scrambles the indexes on your disk so that Windows can no longer make sense of it”.
What are our Partners are saying
Unsurprisingly the leading software vendors are on the front foot in issuing information on the attack and what you need to do to protect your organisation.
Microsoft – New ransomware, old techniques: Petya adds worm capabilities
The new ransomware has worm capabilities, which allows it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated. Read more>
Sophos – Petya Ransomware Outbreak
Watch the video – Petya Ransomware attack: How to protect yourself
McAfee – New Variant of Petya Ransomware Spreading Like Wildfire
The new variant [of Petya] has further increased its nastiness by adding a spreading mechanism similar to what we saw in WannaCry just a few weeks ago. Petya comes as a Windows DLL with only one unnamed export and uses the same EternalBlue exploit when it attempts to infect remote machines. Read on>
Symantec – Petya ransomware outbreak: Here’s what you need to know
Similar to WannaCry, Petya uses the Eternal Blue exploit as one of the means to propagate itself. However, it also uses classic SMB network spreading techniques, meaning that it can spread within organisations, even if they’ve patched against Eternal Blue. Read further>
Snow Software – Don’t be held to ransom: Snow releases script for discovering ransomware
A few weeks ago, Snow released a script to discover if the Microsoft patch that protects against the ransomware is installed on any given machine in your enterprise. Snow predicted that this issue may come up again and sure enough, it has! There are full details in this blog from May 18th, which will help Snow customers conduct the same search to protect their machines from this nasty attack. Keep reading>
Mimecast – Petya ransomware – an action plan to improve your cyber resilience against this latest mass outbreak
This blog is designed to provide insight as well as help all organisations complete a review of their network and email security, backup and business continuity systems and processes. Keep reading>
Forcepoint – Is this Petya, NotPetya, GoldenEye, ExPetr, or PetrWrap?
Microsoft has reported that the initial infection vector is currently believed to have been via malicious code masquerading as a legitimate software update. Owing to the inherent trust relationship associated with automatic software updates, this vector is less likely to be detected by perimeter protection. Continue reading>
Kaspersky – New Petya / NotPetya / ExPetr ransomware outbreak
Some researchers suggested that the new ransomware might be either WannaCry (it’s not), or some variation of Petya ransomware (be it Petya.A, Petya.D, or PetrWrap). Kaspersky Lab experts concluded that the new malware is significantly different from all earlier known versions of Petya, and that’s why we are addressing it as a separate malware family. We’ve named it ExPetr (or NotPetya – unofficially). Read more>
Need to talk?
We are here to help. Our professionals are on hand to discuss your current security position or to provide you with any extra advice and support from across our extensive network of partners.