Second Major Ransomware Attack of 2017 is Under Way

For the second time this year a massive ransomware attack is sweeping across the globe. At first the ransomware was believed to be a strain of Petya. However, reports now point out that this might be a new type of ransomware yet to be identified.

The ransomware has been infecting computers through at least one exploit, known as Eternal Blue. The vulnerability was leaked online last April by a group of hackers known only as the Shadow Brokers. They have released hacking tools known to have been used by the National Security Agency in the past. That vulnerability was used in May to spread the WannaCry ransomware, which affected hundreds of thousands of computers in more than 150 countries.

The attack started in Ukraine and has made it’s way to Denmark, Russia, and England. Kaspersky Labs detected attacks in Poland, Italy, Germany, France, and the United States as well. The ransomware is distributed by a malicious link in an email, then it encrypts the master file table (MFT). Attacking the MFT is much faster than attacking each individual file.

The cybercriminals are asking victims to pay a ransom of $300 in Bitcoin. This ransomware attack is similar in scope and intensity to the WannaCry ransomware attack in May. It’s using EternalBlue to spread quickly and those who have not patched EternalBlue are vulnerable to this ransomware attack.

Update:

As of Wednesday, June 28, 65 countries have been struck by the ransomware attack and it has made its way into Asia. Microsoft has stated that this is a new variant of Petya and is issuing security updates. The start of the cybersecurity attack can be traced to a tax software in Ukraine, where over 12,500 devices were effected. As of Wednesday morning those behind the attack have collected about $10,000 from their victims. Unfortunately  a kill switch has yet to be identified and the ransomware is continuing to spread.

Beginning late Wednesay and into Thrusday June 29, 2017, reports have emerged stating that ExPetr/Petya/NotPetya is a wiper masquerading as ransomware. The goal of wipers is to destroy and damage whereas ransomware seeks to make money. This difference, and the highly targeted nature of the attacks centered on the Ukraine, has led to reports that this might be a state sponsored attack rather than a money making scheme.

——

Our email security solutions protect inboxes from phishing and other malicious emails. To learn more about the pressing threat that ransomware poses to businesses, and for tips on how to protect your organization visit our page info.sendio.com/ransomware.

Updated June 29, 2017 at 15:43 UTC