Worldwide NotPetya Ransomware Outbreak using EternalBlue exploit
A new and nastier ransomware outbreak has been detected and is spreading rapidly across the globe, using the same exploit as last month’s WannaCry. This one is a variant of Petya, which encrypts your whole disk and renders the computer completely useless.
If you have yet to install the Microsoft fix, MS17-010, you should do so immediately. Be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on web links. You should also ensure that your backups are current. If your business does not have a business continuity solution in place, contact us today. Please remember and remind others to Think Before You Click.
Analysts have determined that the ransomware aspect of this threat is more of a smokescreen. After monitoring this issue, it appears to be cyber warfare in action, as the affected machines do not have the chance to recover the files. Several indicators reveal this:
- It never bothers to generate a valid infection ID
- The Master File Table gets overwritten and is not recoverable
- The author of the original Petya also made it clear NotPetya was not his work
This is significant, as it shows how the topic of cyber security has moved from a tech issue to a CEO- and board-level business issue.
Petya Ransomware Attack – Windows Patch