This week, there is a new ransomware attack infecting airlines, banks, and utilities across Europe and the US.
Reminiscent of last month’s WannaCry attack, this ransomware exploits vulnerabilities in the Windows operating system. Once a computer is infected, the hard drive is encrypted with a key that only the attacker holds, meaning only the attacker has access to the data. The hackers then demand a ransom in Bitcoin to unlock the computer’s data.
What industries were affected?
The most severe damage is being reported in Ukraine, with systems in the central bank, state telecom, public metro, airport, and various businesses being affected. Even the Chernobyl nuclear power plant is affected, having to switch to manual monitoring systems.
The virus has spread internationally. The Danish shipping company Maersk, which is the largest shipping company in the world, is reporting systems down. In Russia, the oil company Rosneft has been infected.
There are now cases being recorded in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper. At Merck, the problem extended to the global offices, with phones and PCs out of action, and employees going home.
Petya or NotPetya?
Security researchers from various companies first identified this ransomware as “Petya” but later clarified that it is a new strain, now calling it “NotPetya.” The virus has attacked at least 2,000 users as of this afternoon, but the final count is likely to be much higher.
The security researchers are reporting that this ransomware uses the same exploit as WannaCry. Originally published in April by the Shadow Brokers, the EternalBlue exploit targets Windows’ SMB file-sharing system and is believed to have been developed by the NSA. Microsoft has since patched the vulnerability, but administrators have been slow to update their systems.
The Petya ransomware authors are professionals, and they use something like an affiliate model for their payouts. Distributors of the ransomware receive up to 85% of the paid ransom, with the malware creators keeping 15%.
At the time of this email, 22 payments have been made in Bitcoin, with the amount totaling just $5,515. That might be a good day’s pay for a lot of people, but no doubt the giant global corporations affected would’ve gladly paid more to avoid this entire problem.
How does CUJO stop it?
By now, you’re probably wondering how CUJO protects you from malware such as this. CUJO protects you from receiving the malicious payload: we have up-to-the-second updates on the websites that could be hosting this malware.
If you were to click on a link in an email or go to a website that is known to be hosting this ransomware, CUJO would block it immediately. We recommend updating your operating systems to the latest version, especially if you are a Windows user.