

It is said that “those who do not learn history are doomed to repeat it”. In May 2017, the WannaCry ransomware virus spread quickly around the world, infecting thousands of computers and locking owners out of their files. Microsoft had patched the EternalBlue vulnerability in March, before the May outbreak of WannaCry took place. Despite the extensive damage the WannaCry outbreak caused, organizations did not heed security experts' warnings to apply security patches to their Microsoft Windows-based computer systems. The warning was that it was only a matter of time before the next digital attack would fall upon us.
And that brings us to the current situation: beginning yesterday morning, Tuesday June 18th, the Petya ransomware started spreading across Europe.
UPDATE #1: While initial analysis identified this attack as a variant of ‘Petya’, its behavior patterns indicate that it is in fact a new strain reminiscent of the ‘WannaCry’ ransomware attack. It has therefore recently been dubbed ‘NotPetya’ or ‘Petna’.
UPDATE #2: We have identified several unique hashes; these are listed below and in the link above.
Petya is a type of ransomware that works differently from other malware. Instead of encrypting files one by one, it reboots the computer and encrypts the Master Boot File. This file contains the disk mapping, operating system files, names, size and location across the hard disk. Once the file is opened, it spreads itself over the network to additional computers if there is a Microsoft vulnerability on those computers. Once the ransomware has encrypted important documents and files on the infected computers, it demands a Bitcoin ransom for the key to unlock the files.
Petya ransomware utilizes the SMBv1 EternalBlue exploit, operating in the same manner as WannaCry. This exploit takes advantage of unpatched Windows machines. At least one of the tools used by the WannaCry ransomware was used with Petya, which made it so successful, affecting nearly 300,000 computers worldwide within only a day.
As we stated above, Microsoft has patched vulnerabilities for all versions of Windows operating systems, but many users are still vulnerable and various malware variants are exploiting the flaw in order to deliver ransomware with cryptocurrency mining.
The Petya cyber attack has spread across Europe with firms in Ukraine, Britain and Spain forced to shut down. And the stories have been hitting Twitter like a storm. Here are a few examples:
Here is a list of simple steps your organization can take in order to protect itself:
According to security experts, Petya, as well as other ransomware strains, is going to continue to thrive until companies take action and patch their computer systems. Failing to do so will just prolong this attack as well as future attacks.