2017-06-29

Yet ANOTHER New Ransomware

petya ransomware
At work we received an enterprise-wide warning regarding the new Petya ransomware, which encrypts both files and the master boot record of infected machines.

It originates in Europe, with Russia and Ukraine hit early and hard. It has also impacted enterprises in the US and Western Europe and uses several attack vectors.

Once you get hit, you receive a message demanding three hundred dollars in bitcoin to unlock the data. All data is encrypted at that point in time.

It appears to extract credentials from an essential Windows file. Its primary ports of entry are TCP 445 and 139, and unless some mistake is found in the encryption, the data cannot be accessed.

Now then, this is quite similar to WannaCry but adds a "worm" component for spreading the malicious code. Luckily my servers all keep stealth port assignments in effect and the firewalls are tighter than a ...

Pretty doggone tight.
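As an added defensive example (not part of the original post), the worm-style spread over TCP 445 and 139 described above can be spotted in connection logs by looking for one source reaching many distinct SMB peers; the log format and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample connection log (not from the original post).
# Fields: timestamp, source IP, destination IP, destination TCP port.
SAMPLE_LOG = """\
2017-06-27T10:00:01 10.0.0.5 10.0.0.20 445
2017-06-27T10:00:02 10.0.0.5 10.0.0.21 445
2017-06-27T10:00:02 10.0.0.5 10.0.0.22 139
2017-06-27T10:00:03 10.0.0.5 10.0.0.23 445
2017-06-27T10:00:03 10.0.0.5 10.0.0.24 445
2017-06-27T10:00:04 10.0.0.5 10.0.0.25 445
2017-06-27T10:00:05 10.0.0.9 10.0.0.20 445
2017-06-27T10:00:06 10.0.0.9 10.0.0.20 445
2017-06-27T10:00:07 10.0.0.7 10.0.0.30 80
"""

# The two SMB/NetBIOS ports the post names as the primary spread path.
SMB_PORTS = {445, 139}
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Yield (timestamp, src, dst, port) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def smb_fan_out(text, threshold=5):
    """Return {src: sorted distinct SMB destinations} for every source that
    contacted at least `threshold` distinct hosts on TCP 445/139.

    A normal workstation talks to a handful of file servers; one host
    fanning out to many SMB peers is the network signature of a worm."""
    peers = defaultdict(set)
    for _ts, src, dst, port in parse_log(text):
        if port in SMB_PORTS:
            peers[src].add(dst)
    return {src: sorted(d) for src, d in peers.items() if len(d) >= threshold}


if __name__ == "__main__":
    for src, dsts in smb_fan_out(SAMPLE_LOG).items():
        print(f"ALERT {src} contacted {len(dsts)} distinct SMB peers: {dsts}")
```

The threshold is a tuning knob; on a real network, baseline it against the normal number of file servers a client touches before alerting.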

The clear and present danger appears to be enterprise configurations such as those in multinational companies, and like I keep telling ya ... backup is your only real hope.

There is banter of the "Petya is not ransomware" variety being passed around, with the definition leaning toward "destructive wiper malware". I find this reasonable given the fact that the email company the originators had been using has terminated their account with extreme prejudice, rendering them incommunicado.

So, uh, if you value what's on that disk drive, let's hope you have a spare copy lying around. This has got me all fired up to start cloning my drives and I intend to get hot on that task immediately.

ALSO, I suppose that my repeated admonitions regarding what a cold place the internet is may be hitting you in the old realization by now ... ? Good luck and back up!