Advisory: Petya Ransomware Variant Outbreak
The Ministry of National Security is today [June 27] advising that a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly due to the same Windows SMBv1 vulnerability that the WannaCry ransomware abused.
A spokesperson said, “The Bermuda Government’s Cybersecurity Working Group has been monitoring the concerns, and has been made aware of large scale system affections in the US and Europe. Reports of systems affected include: harbour terminals, airports, electricity grids, banks, factories, offices, insurance, and military.
“The public is advised that Petya works very differently from other ransomware malware. For example, Petya does not encrypt files on a targeted system one by one. Instead, it reboots victims computers and encrypts the hard drive’s master file table [MFT] and renders the master boot record [MBR] inoperable.
“This restricts access to the full system by seizing information about file names, sizes, and location on the physical disk. Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
“Cyber security experts note that Petya uses the Eternalblue NSA exploit, SMB share and lateral movement using WMIC similar to Wannacry but also spreading with a client-side attack using CVE-2017-0199.
“Unlike the 2015/2016 Petya ransomware decryption keys are unavailable.
“The Bermuda Government’s Cybersecurity Working Group urging the following precautions be taken:
- Patch your systems for MS17-010, block SMB sharing at the firewall and disable WMIC if possible and have offline backups. If possible, block RTF (rich text) files at your e-mail gateway.
- To safeguard against any ransomware infection, you should always be suspicious of unwanted files and documents sent over an email and should never click on links inside them unless you have verified the source.
- Keep a good back-up routine in place that makes their copies to an external storage device that isn’t always connected to your PC. Small businesses and home users should consider using cloud services to back up their important files. Many service providers [for example, email providers] offer a small amount of cloud storage space for free.
- Run an anti-virus security suite on your system regularly, and keep it up-to-date. Home users should turn on Windows Updates and run it.
- Always browse the Internet safely.
“The public will recall that last month [May], the Ministry of National Security encouraged public vigilance following a large scale cyber-attack which infecting more than 230,000 computers in 150 countries.”
Read More About
Category: All, News, technology
Any IT professional should know what to do.
Gotta love the nerdy tech speak which only another nerdy techie could hope to understand. What is an smb let alone a ms17 010 ….
If you understood the pros & cons of financial deals such as the airport so thoroughly to make such a fuss, understanding cyber-security should be a snap for you.
And a wmic?
I’m sorry. What? #IDontSpeakGeek
Get a Mac!