Petya Or NotPetya: Why The Latest Ransomware Is Deadlier Than WannaCry

Author: Thomas Fox-Brewster

The world suffered another ransomware nightmare Tuesday, with pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport and banks all affected. One U.S. hospital also appears to be a victim. Worse is expected, thanks to some pernicious features in the ransomware sample.

The malware widely believed to be responsible is a version of Petya which security researchers are calling “NotPetya.” It’s similar to Petya, but different enough to qualify as an entirely new form of ransomware, researchers say. Backing up NotPetya is an exploit method borrowed from a leaked NSA hack called EternalBlue, the same one WannaCry used to infect hundreds of thousands of computers and take down hospital networks. With the new strain, though, only computers on a local network are scanned, not the entire internet, as WannaCry attempted.

That’s cause for embarrassment among infected companies: Microsoft released a patch earlier this year which prevented any EternalBlue hacks, even pushing out updates for older, unsupported Windows systems like XP. Businesses should have patched by now, especially given the carnage WannaCry caused.

 

The article's full-text is available here.
