
SANS ISC: Wide-scale Petya variant ransomware attack noted - Internet Security | DShield SANS ISC InfoSec Forums


Wide-scale Petya variant ransomware attack noted

Sent from a reader earlier today:

  • Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices.  Have you heard anything on this?

A quick check reveals that, apparently, another global ransomware attack is making the rounds today.

Initial reports indicate this is much like last month's WannaCry attack.  According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap.  At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector.

Alleged samples of this ransomware include the following SHA256 hashes:

AlienVault Open Threat Exchange (OTX) is currently tracking this threat at:

We'll provide more information as it becomes available.

Brad

271 Posts
ISC Handler
Symantec is claiming ETERNALBLUE (SMBv1) is being used as the exploit. Ref: https://twitter.com/threatintel/status/879716609203613698
da7rutrak

1 Posts
Good timing on the diary from 21 June... 'It has been a month and a bit how is your new patching program holding up?'

https://dshield.org/forums/diary/It+has+been+a+month+and+a+bit+how+is+your+new+patching+program+holding+up/22540/
Nicolas

4 Posts
BLEEPING Computer:
https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

theREGISTER
http://www.theregister.co.uk/2017/06/27/ransomware_outbreak_hits_ukraine/

NAKED Security (Sophos):
https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/

SECURITY Week:
http://www.securityweek.com/petya-ransomware-outbreak-hits-organizations-globally

MOTHERboard
https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now

BBC
http://www.bbc.com/news/technology-40416611

RECORDED Future stats show an uptick today
Brett

13 Posts
Thanks for the additional links, Brett. Definitely a lot is being written about today's attack.
Brad

271 Posts
ISC Handler
Seems like wmic and psexec are being used for lateral movement too.

--
Regards Falk
Falk

1 Posts
Heard same rumors about Merck, PRG employees told not to start PCs and sent home.
Anonymous
