Threat Brief:- 'Petya' Ransomware

Written by: Paul Sweeney | June 28, 2017

Cyber Attack-01

On the morning of 27th June, a ransomware outbreak - bearing some of the characteristics of last years’ Petya malware attack – was discovered emanating from the Ukraine. The malware has since spread across Europe, the Far East and the US.

While details are still emerging, the Petya-like attack attempts to spread to other hosts using the Server Message Block (SMB) protocol by exploiting the ETERNALBLUE vulnerability (CVE-2017-0144) on Microsoft Windows systems. This vulnerability was publicly disclosed by the Shadow Brokers group in April 2017, and was addressed by Microsoft in March 2017 with the MS17-010 update.

Analysis is ongoing, but it is recommended you ensure the MS17-010 patch is installed, and unpatched Windows systems are removed from the network.

 Subscribe to the LAN3 Blog

sign up for our Blog

Related posts