NotPetya Ransomware alert: The Combo


This international cyberattack struck multiple countries on Tuesday, June 27th, 2017, combining phishing with ransomware.


Ransomware Alert - NotPetya


NotPetya – The name was given by the Kaspersky Lab team, who clarified the link with the Petya ransomware from April 2016. The two code bases are practically the same; nevertheless, the final objective is different. Petya was clearly aiming to make money from its victims. NotPetya doesn't seem to have the same goal.

A cyberattack combo

It all begins with a fraudulent email. Phishing consists in pretending to be a familiar contact (here, Microsoft Office) and sending an email with an infected attachment.

If the user is not vigilant, the virus (here a piece of malware/ransomware) enters their computer. Then the ransomware phase begins: a black screen with red text demands a ransom of 300 dollars in exchange for the key needed to decrypt the data.

Although it appears to be ransomware, the email address that was supposed to receive the payment confirmations was created with an ordinary German email provider, who shut it down as soon as possible. So nobody can pay the ransom. Yet these hackers are obviously not amateurs. So we are wondering whether this cyberattack's goal isn't simply a perfectly orchestrated, generalized chaos.

Hacking – Level UP!

NotPetya's particularity is that it encrypts the operating system and the file catalogue. It freezes the data upstream in less than a minute, so not only does it corrupt the company's files, but the whole operating system becomes unusable. The usual backups are not sufficient anymore. The only way to counter these attacks is to keep a clean backup of the entire system image with software that uses versioning, so that you cannot overwrite a clean copy with an infected one.
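The versioning requirement above is the key point: a backup job that simply overwrites yesterday's copy will happily replace clean files with the encrypted ones once the ransomware has run. The following Python snippet is an added illustration written for this post, not code from the original article or from any backup product. It models an in-memory versioned store in which every backup is appended as a new version and nothing is ever overwritten, and it flags candidate versions whose byte entropy looks like ciphertext so that the most recent *clean* version can be found for restore. The file contents, the entropy threshold and the store layout are all constructed for the example.

```python
import hashlib
import math
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed threshold: plaintext documents usually sit well below 7.5 bits
# per byte, while encrypted (or compressed) data approaches 8.0.
ENTROPY_LIMIT = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; ~8.0 for encrypted output."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class Version:
    number: int        # 1, 2, 3 ... per path; older versions are never removed
    sha256: str        # content hash, used to skip unchanged files
    size: int
    suspicious: bool   # True when the content looks encrypted
    content: bytes


@dataclass
class VersionedStore:
    # path -> list of versions, oldest first
    versions: Dict[str, List[Version]] = field(default_factory=dict)

    def backup(self, path: str, content: bytes) -> Version:
        """Append a new version of `path`; existing versions are kept intact."""
        history = self.versions.setdefault(path, [])
        digest = hashlib.sha256(content).hexdigest()
        if history and history[-1].sha256 == digest:
            return history[-1]  # unchanged since last run, nothing new to store
        version = Version(
            number=len(history) + 1,
            sha256=digest,
            size=len(content),
            suspicious=shannon_entropy(content) > ENTROPY_LIMIT,
            content=content,
        )
        history.append(version)  # append only: the clean copy survives
        return version

    def latest_clean(self, path: str) -> Optional[Version]:
        """Most recent version whose content does not look encrypted."""
        for version in reversed(self.versions.get(path, [])):
            if not version.suspicious:
                return version
        return None


def demo() -> dict:
    """Back up a clean document, then a constructed 'encrypted' replacement."""
    store = VersionedStore()
    path = "docs/report.txt"
    clean = b"Quarterly report: revenue up 4% over the previous quarter. " * 40
    # Constructed stand-in for a ransomware-encrypted file: deterministic
    # pseudo-random bytes (hash chain), which have near-maximal entropy.
    encrypted = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(100))

    first = store.backup(path, clean)
    second = store.backup(path, encrypted)
    restore = store.latest_clean(path)
    return {
        "versions_kept": len(store.versions[path]),
        "first_suspicious": first.suspicious,
        "second_suspicious": second.suspicious,
        "restore_version": restore.number if restore else None,
    }


if __name__ == "__main__":
    print(demo())
```

The entropy test is a heuristic, not proof of encryption: legitimately compressed archives and media files also score high, so in practice the flag should drive a review of the version rather than an automatic rejection. The append-only behaviour is what actually protects the restore point.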


This new ransomware is also related to WannaCry, the last big cyberwave, since it uses the same Microsoft security flaw – EternalBlue – which has since been patched. Obviously, a lot of computers did not update Windows… This flaw allows the virus to spread across a company's network before the first infected machine shuts down completely.


But NotPetya's level up is its use of another Microsoft flaw: EternalRomance allows the remote extraction of administrator passwords, and thus the mass spread of the virus to clean computers that have already patched Windows.


It seems like nobody's spared. Because of these multiple spreading channels, one unpatched computer can bring down hundreds of others.


This ransomware has multiple propagation channels, and its aim is to freeze entire networks.
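The propagation described above (one infected machine reaching out to many others over the Windows file-sharing port in a short time) leaves a very recognizable pattern in firewall or flow logs. The Python snippet below is an added example written for this post, not code from the original article or from any vendor; it generalizes beyond NotPetya to any worm-like lateral movement over SMB. It parses constructed flow records of the form `<ISO time> <source> <destination> <port>` and raises an alert when a single source reaches an unusual number of distinct hosts on port 445 inside a sliding one-minute window. The log format, the window length and the threshold of ten distinct hosts are assumptions chosen for the example and should be tuned to what a normal workstation does on your network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample flow records (not real logs). Host 10.0.5.21 sweeps a
# dozen neighbours on port 445 within twelve seconds, the way a worm does;
# 10.0.5.22 talks to two file servers, which is ordinary user behaviour;
# 10.0.5.23 uses HTTPS and is irrelevant to SMB detection.
SAMPLE_FLOWS = "\n".join(
    [f"2017-06-27T10:12:{s:02d} 10.0.5.21 10.0.5.{40 + s} 445" for s in range(12)]
    + [
        "2017-06-27T10:12:05 10.0.5.22 10.0.5.10 445",
        "2017-06-27T10:12:09 10.0.5.22 10.0.5.11 445",
        "2017-06-27T10:12:30 10.0.5.22 10.0.5.10 445",
        "2017-06-27T10:13:00 10.0.5.23 10.0.5.10 443",
    ]
)

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")
SMB_PORT = 445
WINDOW = timedelta(seconds=60)      # assumed sliding window
DISTINCT_HOSTS_LIMIT = 10           # assumed threshold for one workstation

Flow = Tuple[datetime, str, str, int]


def parse_flows(text: str) -> List[Flow]:
    """Parse '<ISO time> <src> <dst> <port>' lines; malformed lines are skipped."""
    flows: List[Flow] = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts, src, dst, port = match.groups()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def smb_fanout(flows: List[Flow],
               window: timedelta = WINDOW,
               limit: int = DISTINCT_HOSTS_LIMIT) -> Dict[str, int]:
    """Return {source: peak distinct SMB destinations in any `window`} for
    sources whose peak reaches `limit`. Sources below the limit are omitted."""
    by_src: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((ts, dst))

    alerts: Dict[str, int] = {}
    for src, events in by_src.items():
        events.sort()
        peak = 0
        # Slide a window starting at each event and count distinct destinations.
        for i, (start, _) in enumerate(events):
            seen = {dst for ts, dst in events[i:] if ts - start <= window}
            peak = max(peak, len(seen))
        if peak >= limit:
            alerts[src] = peak
    return alerts


if __name__ == "__main__":
    for src, count in smb_fanout(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT: {src} reached {count} distinct hosts on 445 within {WINDOW}")
```

The point of the distinct-host count (rather than a raw connection count) is that a normal workstation re-connects to the same few servers all day, whereas a self-propagating worm must touch hosts it has never spoken to. Once such an alert fires, the same source address is the machine to isolate first, which is exactly the emergency response listed below.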

The only way out is to have a clean version of your operating system and all your data saved on a device protected from any encryption.

► What can you do?

  • The emergency response is to isolate and shut down your computer: unplug it from the network and disable Wi-Fi.
  • Do NOT pay a ransom.
  • Make sure your computer is updated.
  • Do NOT open suspect attachments in emails.
  • Make sure your antivirus software is updated.
  • Talk about it to your colleagues and your contacts.

Ask for a free checkup!