Wide-scale Petya variant ransomware attack noted

Published: 2017-06-27
Last Updated: 2017-06-27 15:04:50 UTC
by Brad Duncan (Version: 1)
6 comment(s)

Sent from a reader earlier today:

  • Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices.  Have you heard anything on this?

A quick check reveals that, apparently, another global ransomware attack is making the rounds today.

Initial reports indicate this is much like last month's WannaCry attack.  According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap.  At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector.

Alleged samples of this ransomware include the following SHA256 hashes:

AlienVault Open Threat Exchange (OTX) is currently tracking this threat at:

We'll provide more information as it becomes available.

Keywords:
6 comment(s)

Comments

Symantec is claiming ETERNALBLUE (SMBv1) is being used as the exploit. Ref: https://twitter.com/threatintel/status/879716609203613698
Good timing on the diary from 21 June... 'It has been a month and a bit how is your new patching program holding up?'

https://dshield.org/forums/diary/It+has+been+a+month+and+a+bit+how+is+your+new+patching+program+holding+up/22540/
BLEEPING Computer:
https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

theREGISTER
http://www.theregister.co.uk/2017/06/27/ransomware_outbreak_hits_ukraine/

NAKED Security (Sophos):
https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/

SECURITY Week:
http://www.securityweek.com/petya-ransomware-outbreak-hits-organizations-globally

MOTHERboard
https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now

BBC
http://www.bbc.com/news/technology-40416611

RECORDED Future stats show an uptick today
Thanks for the additional links, Brett. Definitely a lot is being written about today's attack.
Seems like wmic and psexec is being used for lateral movement too.

--
Regards Falk
Heard same rumors about Merck, PRG employees told not to start PCs and sent home.

Diary Archives