Digital Shadows: Comment on Petya Ransomware

June 2017 by Digital Shadows

Following the Petya ransomware attack, the second major ransomware crime in two months, that crippled companies across the globe, Becky Pinkard, Vice President, Service Delivery and Intelligence Operations, Digital Shadows, comments:

"Digital Shadows is warning businesses impacted by the latest ransomware
attack Petya not to pay the $300 bitcoin fee as Posteo administrators have
disconnected the email address associated with paying the ransomware to get
unlock keys for impacted systems. It means that if anyone paying the ransom
to unencrypt their files tries to do so, the criminals who distributed the
attack are unable to access the bitcoin account the ransom goes to; so they
will not be able to release the keys for the encrypted files - even if they
ever intended to do so.

Petya first appeared this morning and has been spreading around the world,
mainly infecting businesses and government agencies and departments in the
Ukraine and Russia, but there have been increasing reports of businesses in
other countries also being compromised, with reports filtering in from the
US, UK, Germany, Switzerland and Holland, as some examples. The malware
itself appears to be a straightforward ransomware program. Once infected,
the virus encrypts each computer to a private key, rendering it unusable
until the system is decrypted. The program then instructs the user to pay
the $300 ransom to a static Bitcoin address, then email the bitcoin wallet
and personal ID to the email address, which is now blocked.

There is some confusion over the origins and nature of Petya, with some
reports suggesting there are similarities to WannaCry and that it utilizes
the #ETERNALBLUE SMBv1 worm functionality. More work is needed to
investigate the way the virus propagates; in the meantime businesses are
urged to ensure their software is up-to-date and all files backed up."

