Petya / NotPetya Ransomware Attack

Overnight, a major ransomware cyber-attack ‘Petya’ using a variant of the ransomware family known as GoldenEye spread across Europe and the US. 

In addition to encrypting files on the victim’s computer, the ransomware encrypts the Master Boot Record (MBR) blocking full access to the victim’s computer, the hard-drive is essentially destroyed.

The ransomware leverages the same software vulnerability as WannaCry, ETERNALBLUE described in the bulletin [MS17-010], however contains more logic in how the malware propagates. 

ETERNALBLUE was leaked by the Shadow Brokers hacker group in April and is thought to have been developed by the US National Security Agency (NSA).

Victims of the Petya attack should not pay the Ransom. Even if you pay, the payment confirmation email address, to confirm payment, has been blocked by the German email provider Posteo. 

Surprise! NotPetya Is a Cyber-Weapon. It's Not Ransomware

Update According to Comae Technologies and Kaspersky Lab experts it now appears that the Petya / NotPetya ransomware is in fact a disk wiper designed to sabotage and destroy computers. Even if the ransom was paid, and despite the email account being blocked by the German email provider, there is no way to restore the encrypted files or the MFT file. 

In effect, a disk wiper disguised as ransomware, with the likely source being Russia and the objective, to paralyze the Ukraine. [Bleeping Computer]

Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide

Full Analysis It is now increasingly clear that the global outbreak of a file-scrambling software nasty targeting Microsoft Windows PCs was designed not to line the pockets of criminals, but spread merry mayhem. [The Register]

Hacks Raise Fear Over N.S.A.’s Hold on Cyberweapons 

Insights The N.S.A. has kept quiet, not acknowledging its role in developing the weapons. White House officials have deflected many questions, and responded to others by arguing that the focus should be on the attackers themselves, not the manufacturer of their weapons.

But the silence is wearing thin for victims of the assaults, as a series of escalating attacks using N.S.A. cyberweapons have hit hospitals, a nuclear site and American businesses. Now there is growing concern that United States intelligence agencies have rushed to create digital weapons that they cannot keep safe from adversaries or disable once they fall into the wrong hands. [New York Times]

Checklist

  • Do not pay the Ransom
  • Patch your operating systems with the latest Microsoft updates available. 
  • Do no open email attachments from untrusted senders.
  • We recommend the [MS17-010] Microsoft patch is installed on all computers 
  • Keep AV up to date. 
  • Install a security product and keep it up to date