A new strain of the Petya ransomware started propagating on June 27, 2017, infecting many organizations. Similar to WannaCry, Petya Ransomware uses the Eternal Blue exploit to propagate itself. Petya is taking down corporate networks that run mainly on Microsoft Windows software. It has already hit most Government applications in Ukraine as well as major companies in Europe including advertising agency WPP and law firm DLA Piper.
Friday May 12th will be the day we remember the start of the mayhem caused by ‘WannaCry’, the most successful ransomware infection in history. Since Friday, Security teams have been running around with their heads on fire trying to get ahead of the infection and to understand the malware’s capabilities. In the process, a lot new sales lead ransomware experts seem to have risen from the depths and have confused the situation further.
The recent WannaCry ransomware attack, that has hit over 100 countries, would have been much larger had it not been for the early actions of both a UK cybersecurity researcher who blogs for Malwaretech and two Proofpoint researchers. In this attack, a powerful Microsoft exploit turned into a very nasty worm. As part of their initial effort, the researchers found and sinkholed a domain name hardcoded in the malware, for $10.69 during the early stages of the attack.