New ransomware attack similar to WannaCry spreads globally
“New global ransomware attack”. This is the message that has been trending on Twitter in the last hours, accompanied by the hashtags #Ransomware and #Petya. A new type of WannaCry on a global scale is attacking businesses all over the world. And, just as in the previous international attack, computers are blocked, while a screen tells the user that their computer will not work until they pay a ransom of 300 dollars in bitcoins.
Petya
The new ransomware attack is affecting users across the globe, especially in Ukraine and Russia, where several banks, transport and oil companies have suffered the consequences. However, there is also evidence of companies in Spain, UK, USA and other territories that are victims of this wave of attacks.
“Rumors spread fast on the Internet so it is advisable to keep calm and not believe everything that is read on social networks. Therefore, in the event of any eventuality, it is best to ask the system managers if the protection measures are up to date or wait for the IT services of the company in which you work to give you some indication. In the meantime, if you want to be informed about how the consequences of the attack evolve, it is important to go to reliable sources, media or companies in the cybersecurity sector,” warns Hervé Lambert, Global Retail Product Manager at Panda Security.
How does the new ransomware work
This new ransomware is a variant of the Petya family, and runs on computers by encrypting certain files, while blocking the boot sector of the compromised system. This prevents the user from accessing their own computer unless they enter an access key, after having paid the ransom, which restores the operating system, as if nothing had happened.
What is new in this Petya variant is that it is able to reboot the PC to show what looks like a ‘chkdsk’ process but is actually encrypting the files on your hard drive. Once all your files are encrypted, the PC will then display a DOS-like ransomware screen with the increasingly familiar “Ooops, your important files are encrypted” message.
The attack may cause a complete shutdown of the operating system
The attack, which has forced several European banks to suspend their activity, has also hit public services, as in the case of the Ukrainian Government. The Government’s website of this country has experienced several problems.
It is highly recommended to check that your security programs are upgraded and their latest protection features are enabled, to update the operating system, and to check that the firewall is enabled.
17 comments
Hello,
What can be done if this happens to a private individual? How can they recover their operating system if they end up with a black screen?
Hello Marie,
The first thing to do, in case of infection, is to contact the technical service, with Panda, I hope, because we reduce this first point
Then follow, step by step, the instructions that the engineers give.
Important: tips to avoid this infection.
Our customers are protected against this attack. However, we recommend that you follow these tips and recommendations:
• Be wary: documents that arrive in an email from untrusted senders should not be opened.
• Keep the operating system up to date with all the latest available Microsoft updates.
• In the case of yesterday's attack, we recommend using ETERNALBLUE, make sure that the patch: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx is applied.
• Install a Panda security product and keep it up to date.
• Make backup copies of your files.
Thanks!
Best regards,
Panda Security.
I would rather want to know how to prevent it from infecting my computer. WannaCry used Samba to spread so if I didn’t use Samba, I think I was safe. But in here, I can find no information about how to feel safe!
Hello,
If your computer is patched against the vulnerability MS17-010 it should not be affected, but be aware that the first entry path is not yet known, so we would also recommend not opening attachments from unknown sources. Please follow the tips we provide in the following link: https://www.pandasecurity.com/en/support/card?id=1690
Thanks!
Best regards,
Thank you!
You are welcome!
Can this affect UEFI?
Hi Gregg,
MBR (Master Boot Record) is the partitioning scheme which is coupled with the use of BIOS (Basic Input Output System). There is however a newer standard available instead of BIOS which is called UEFI (Unified Extensible Firmware Interface). UEFI has a lot of advantages over BIOS and provides for example more security. The UEFI is coupled with the GPT (GUID Partition Table) partitioning scheme.
Recent Windows versions (8, 8.1 and 10) use UEFI by default and therefore have GPT instead of MBR. This makes them immune to the current Petya malware.
Thanks for your message!
Best regards,
Panda Security.
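The reply above distinguishes MBR from GPT disks, and the article describes the boot sector being blocked. As an added example (not code from Panda Security or from the original page), this Python sketch classifies a raw disk image from its first two sectors and compares the MBR boot code against a previously recorded digest. The function names are hypothetical and the sample images are constructed in the code.

```python
import hashlib
import struct

SECTOR = 512

def partition_scheme(image: bytes) -> str:
    """Classify a raw disk image as 'gpt', 'mbr' or 'unknown' from its first sectors."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        return "unknown"  # no valid boot signature at the end of sector 0
    # Four 16-byte partition entries start at offset 446; byte 4 of each is the type.
    types = [image[446 + 16 * i + 4] for i in range(4)]
    if 0xEE in types:
        # Protective MBR: the real table is announced by the GPT header in sector 1.
        return "gpt" if image[SECTOR:SECTOR + 8] == b"EFI PART" else "unknown"
    return "mbr" if any(types) else "unknown"

def boot_code_digest(image: bytes) -> str:
    """SHA-256 of the first 440 bytes (bootstrap code area of the modern MBR layout)."""
    return hashlib.sha256(image[:440]).hexdigest()

def boot_code_changed(image: bytes, baseline_digest: str) -> bool:
    """True when the boot code no longer matches a digest recorded earlier."""
    return boot_code_digest(image) != baseline_digest

def make_image(part_type: int, gpt: bool, boot_code: bytes = b"") -> bytes:
    """Build a constructed two-sector image for the demo (not real disk data)."""
    sector0 = bytearray(SECTOR)
    sector0[:len(boot_code)] = boot_code
    # One entry: status, CHS start, type, CHS end, first LBA, sector count.
    entry = struct.pack("<B3sB3sII", 0x00 if gpt else 0x80,
                        b"\0\0\0", part_type, b"\0\0\0", 1, 2048)
    sector0[446:462] = entry
    sector0[510:512] = b"\x55\xaa"
    sector1 = bytearray(SECTOR)
    if gpt:
        sector1[:8] = b"EFI PART"
    return bytes(sector0 + sector1)

MBR_IMAGE = make_image(0x07, gpt=False, boot_code=b"\xeb\x3c\x90constructed-loader")
GPT_IMAGE = make_image(0xEE, gpt=True)

if __name__ == "__main__":
    baseline = boot_code_digest(MBR_IMAGE)
    tampered = b"\x00" * 16 + MBR_IMAGE[16:]  # simulate overwritten boot code
    print(partition_scheme(MBR_IMAGE), partition_scheme(GPT_IMAGE))
    print("boot code changed:", boot_code_changed(tampered, baseline))
```

On a live system the same functions can be fed the first 1024 bytes read from the raw disk device with administrator rights, with the baseline digest recorded while the machine is known to be clean.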
Hello, does this ransomware also affect Linux? I use Zorin OS 12 with an up-to-date Firefox as my browser.
Regards
Dear Philippe,
In the specific case of this “Petya” attack, your machine is protected because the malware spreads under Windows. It is nevertheless recommended to be vigilant on other platforms.
Regards,
Panda Security.
Hi, thanks for the good info. I'm going to share this article with my friends. Thanks.
Thanks for reading us Tomas!
Best regards,
Panda Security.