June 27, 2017 - Latest Cyber Attack Hits Europe

  • 27 June 2017
I wanted to provide an update regarding the latest ransomware attack that we’re tracking in Europe. The team sat down with David Kennerley, Director of Threat Research, at Webroot to discuss this further. As this story continues to develop while more information comes in, here are David’s initial thoughts:
 
As with any developing story, updates will no doubt come thick and fast, new information will come to light, leaving some possible theories dead in the water. We are seeing reports of another ransomware strain, appearing to use the leaked NSA Eternal Blue exploit tool. While many organisations have spent many an hour patching the SMBv1 vulnerability since the WannaCry outbreak, without doubt, there will be many more vulnerable machines out there.
 
This first hit Webroot’s radars at around 10 am UTC today in the US, but has since been seen in a number of other countries including Ukraine, Japan, China, and the UK. We currently protect against this variant. Early analysis appears to show the ransomware looks to possibly encrypt the Master Boot Record (MBR) on infected machines as well as the victims’ files, similar to the nasty Petya ransomware seen last year – which only went after the MBR, and was relatively easy to fix. A large percentage of infected machines appear to be Windows 7 and 10, with the majority running the 64-bit OS.
 
It goes without saying that organisations should test their disaster recovery plan (DRP) regularly. This will help them understand the time it will take to restore systems to a useable state and what data is likely to be lost due to backup schedules. The danger with paying the ransom is there’s no guarantee they’ll recover their encrypted data and this only makes ransomware more successful in the long run for hackers. Also be aware that ransomware by its very nature is designed to be annoying and loud. Be aware, there also may be secondary infections intent on staying hidden, looking to perform damage using other means – like data and password pilfering.
 
We will be updating you throughout the day as soon as we know more.


Badge +8
Thanks for the heads up. Will be keeping an eye on this thread.
 
T
Userlevel 7
Badge +35
From the Webroot Threat Blog:


 
A host of companies across industries have confirmed attacks today by a brutal wave of ransomware, including global law firm DLA Piper, U.S. pharmaceutical giant Merck, and the Danish shipping company Maersk. Although targets originally appeared in Ukraine—shutting down power plants, banking services and supermarkets—this latest cyberattack has quickly spanned critical economic sectors around the globe.
Webroot customers are protected against this variant. 
 
Click here to see the full details.
Badge +8
It is a relief that Webroot has its customers covered. What a gift. Many thanks.
 
I heard it on the news this morning and it sounded as if it was transferring by way of automatic updating to certain software. Not only that but the email address which was used for ransom payers has been activated so users could have paid the Bitcoin and still cannot access the intruder!
 
Theresa
Badge +8
Is this the same topic? If so, should they be combined? @akim
 
Thanks,
Theresa
 
 
https://community.webroot.com/t5/Security-Industry-News/Many-Firms-Hit-by-Global-Cyber-Attacks-Petrwrap/m-p/296174#M35441
