Over a month after the WannaCry attack, yet another type of ransomware has resurfaced this week, codenamed Petya.
Companies have been infected worldwide, most of them based in Russia, Ukraine and the United Kingdom. However, a lot of companies in the Netherlands and Belgium have been victimized as well, such as container terminal operator APM (NL), pharmaceutical company MSD (NL), package delivery service TNT (NL, BE), food processor Mondelez (BE), WPP (UK), Deutsche Post (DE) and logistics supplier Maersk (BE).
Petya is circulating rapidly and has a large and immediate impact: after the first sign of infection, organizations have shut down their computers, which has put a halt to their production and services.
Ransomware is a type of malware that makes computers and data inaccessible and demands financial payment to unlock the blocked content. With this new virus, however, paying the ransom seems useless: after payment, your message is sent to an email address that has already been closed down by its provider. According to security and antivirus experts across the world, the Petya ransomware uses the EternalBlue exploit to spread further.
Remco Hobo, Security Architect at Infradata: “This recent attack very much resembles WannaCry, but so far no ‘kill-switch’ (the website URL which was registered and coincidentally stopped WannaCry) has been found. The biggest difference between WannaCry and Petya can be found after the infection has taken place: WannaCry encrypted certain files whereas with Petya the Master Boot Record is being adapted to make sure no files can be accessed anymore. Both viruses seem to use the EternalBlue attack that was stolen from the NSA. For this purpose, Microsoft released its MS17-010 in March to solve the SMB bug in Windows.
"Aside from Petya there is also NotPetya, but the information on this virus is pretty vague. It seems that NotPetya can spread out in different ways (such as remote-desktop), but there is no hard evidence to back up this claim", explains Remco Hobo.
Infradata monitors the developments of these different types of ransomware very closely and we will keep you updated via our website. Remco Hobo: “It is very important to download the latest patches on all computers. Make sure the MS17-010 is installed and if possible shut down the SMB1.”
Protecting yourself against future types of ransomware
Do you want to prevent your company from becoming the next victim of ransomware?
Contact our security experts, who can inform you about the best practices to stay protected against these current and future ransomware dangers.
28 June 2017