On Tuesday, June 27th, just a little over a month after the WannaCry ransomware campaign, multiple reports of a worldwide outbreak of a new ransomware campaign appeared within just a few hours. Some call it a new variant of “Petya”; others call it “NotPetya”.
The new Petya ransomware variant infections broke out in Ukraine and spread from there to other countries. The proliferation of this ransomware is believed to have begun with a malicious email carrying the ransomware embedded in a password-protected Word file.
How does Petya Ransomware work?
What does it do? Petya ransomware encrypts the master boot record of infected Windows computers, making affected machines unusable.
Open-source reports indicate that after the attached file is opened, the infected machine communicates with the IP address 18.104.22.168. Once a communication channel between the infected machine and the malicious C&C server is open, a screen appears showing that a scan of the hard disk is in progress (CHKDSK). It is believed that this is when the ransomware begins spreading within the network, using SMBv1 and a number of additional protocols over ports 139, 445, and 135.
The ransomware scans the computer folders and encrypts most of the useful files and data.
After encryption, the ransomware displays a message demanding that the user pay hundreds of dollars for the decryption of the data. Victims have a specific amount of time to pay. If payment is not made by the deadline, the ransom increases.
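The spreading stage described above (one host reaching many internal peers over ports 135, 139 and 445 within seconds) is the part a network defender can detect from connection logs. The following is an added detection example, not code from the post or from Cymulate; the log format (timestamp, source, destination, destination port) and the sample lines are constructed for illustration.

```python
"""Flag hosts that fan out over SMB/RPC ports (135, 139, 445) to many
distinct internal peers inside a short window, the worm-like spreading
pattern the post attributes to the Petya/NotPetya variant.
Assumed log format (constructed, not a real product's format):
    <ISO timestamp> <src ip> <dst ip> <dst port>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Ports named in the post as used for spreading inside the network.
LATERAL_PORTS = {135, 139, 445}

# Constructed sample log lines. 10.0.1.5 fans out to six peers in three
# seconds; 10.0.1.9 makes two ordinary SMB connections twenty minutes apart;
# 10.0.1.7 talks HTTPS only and is ignored.
SAMPLE_LOG = """\
2017-06-27T10:00:01 10.0.1.5 10.0.1.20 445
2017-06-27T10:00:02 10.0.1.5 10.0.1.21 445
2017-06-27T10:00:02 10.0.1.5 10.0.1.22 139
2017-06-27T10:00:03 10.0.1.5 10.0.1.23 135
2017-06-27T10:00:03 10.0.1.5 10.0.1.24 445
2017-06-27T10:00:04 10.0.1.5 10.0.1.25 445
2017-06-27T10:00:30 10.0.1.7 10.0.1.10 443
2017-06-27T10:01:00 10.0.1.9 10.0.1.10 445
2017-06-27T10:20:00 10.0.1.9 10.0.1.11 445
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, dport)."""
    ts, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport)


def max_fanout(events, window):
    """Largest number of distinct destinations one source reached within
    any time window. `events` is a time-sorted list of (timestamp, dst).
    Uses a sliding window so each event is touched at most twice."""
    counts = defaultdict(int)
    best = 0
    left = 0
    for ts, dst in events:
        counts[dst] += 1
        # Drop events that fell out of the window ending at `ts`.
        while ts - events[left][0] > window:
            old = events[left][1]
            counts[old] -= 1
            if counts[old] == 0:
                del counts[old]
            left += 1
        best = max(best, len(counts))
    return best


def find_fanout(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {src: distinct_peers} for every source whose SMB/RPC fan-out
    within `window` reaches `threshold`. Tune both to the environment:
    file servers and scanners legitimately touch many hosts."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = parse_line(line)
        if dport in LATERAL_PORTS:
            per_src[src].append((ts, dst))

    alerts = {}
    for src, events in per_src.items():
        events.sort()
        fan = max_fanout(events, window)
        if fan >= threshold:
            alerts[src] = fan
    return alerts


if __name__ == "__main__":
    for src, peers in find_fanout(SAMPLE_LOG).items():
        print(f"ALERT {src}: reached {peers} peers on 135/139/445 within 60s")
```

On the sample lines only 10.0.1.5 is flagged. The threshold and window are the two knobs to calibrate against normal traffic before alerting; the same logic can be fed from firewall, NetFlow or host-firewall logs once the parser is adapted to their format. The corresponding preventive controls are disabling SMBv1 where it is not required and blocking 135/139/445 between workstations so that a single infected host cannot reach its peers at all.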
CYMULATE POINT OF VIEW
Organizations that tested their security and identified vulnerabilities through Cymulate were presented with mitigation procedures for other ransomware, which also mitigated the vulnerability that this new threat used. Many organizations would have avoided the attack if they had used Cymulate, hence the importance of continuous testing, identification of vulnerabilities, and mitigation.
To test yourself today, visit our website, register, and try for free our Immediate threat sample of the NotPetya ransomware.
Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate’s platform.
Update November 2021 – Preparedness against ransomware is improving