Petya ransomware? What you need to know

What You Need To Know About Petya Ransomware

As many companies regained their footing after last month’s devastating WannaCry outbreak, we saw another ransomware attack yesterday, which, has so far, impacted organizations in more than 65 countries.
The ThreatLabZ team detects suspicious code and patterns by analyzing 35 billion transactions a day in the Zscaler cloud security platform. We will share what we are seeing so far and what you can do to protect yourself. Join us for webcast tomorrow and visit our blog to get real-time updates and answer any questions you may have.
What we have seen
While this outbreak may or may not be related to the Peyta ransomware strain, our analysis has revealed some key facts:
  • One of the delivery methods looks to be related to an infected version of a software update from the Ukrainian company MeDoc
  • The ransomware payload uses the Windows Management Instrumentation Command-line (WMIC) interface and EternalBlue exploit to propagate laterally over SMB
  • After a device is exploited, the malware encrypts the Master Boot Record, which then holds the machine for ransom after reboot
Zscaler recommendations and upcoming webcast

As we recommended after the WannaCry outbreak, the key to preventing the virus from spreading is proper patching and control of SMB file sharing on your network. Please register for the webcast now and continue to check our blog for ongoing updates.

Best Regards,
Zscaler ThreatlabZ Team

Leave a Reply