Thread: Russian Info, Cyber and Disinformation (Jan-June 2017).

  1. #1
    Council Member
    Join Date
    Nov 2013
    Posts
    35,749

    Default

    NOW this is in fact interesting to say the least...Kaspersky is usually well informed.

    Kaspersky Lab analysts say new attacks are not a variant of Petya ransomware as publicly reported, but a new ransomware they call NotPetya

    Analysis is coming faster from field IT types than from Kaspersky....

    I am on a train analysing Petya. I think this will be bigger than WannaCry. It's much better designed. Has automated lateral movement.
    Last edited by OUTLAW 09; 06-27-2017 at 05:36 PM.

  2. #2

    Petya cyber attack: Ransomware spreads across Europe with firms in Ukraine, Britain and Spain shut down
    http://www.telegraph.co.uk/news/2017...yber-attack1/#

    KEY....this attack started in Ukraine as the main initial target.......with bleed over into other countries simply because the internet is the internet......

    Right now there is no evidence that the number of Ukraine firms hit was caused by phishing...a large number were actually hacked and the malware inserted into the network and then it spread on its own due to the ability to move laterally.....
    Last edited by OUTLAW 09; 06-27-2017 at 05:48 PM.

  3. #3

    List of Ukrainian companies & agencies whose websites were attacked on June 27 (live updates)
    https://en.censor.net.ua/news/445650..._live_updates#

  4. #4

    Interesting to say the least.....

  5. #5

    Not confirmed and the company denies it was their update causing the attack....appears if true to have used an app to transfer the malware kind of an end run hack using an app...again if true....

    Ukrainian Cyber Police on MeDoc vulnerability, -latest "auto update" of app was hijacked by Petya.

    And hit all computers with MeDoc

  6. #6

    Following elimination of the malware is now being used...

    It seems if you run fixdisk /all and reboot the computer you get rid of NotPetya malware.

    Not so sure the malware coders actually thought this kill trigger through when they were coding NotPetya......

  7. #7

    There seem to be differing statements as to exactly what the malware was from yesterday's attack.....NotPetya or Goldeneye.....both being ransomware....

    But if the literature and all the researchers are correct both are distributed via phishing attacks...and here is where the problem begins....

    That would in fact mean that whoever turned it loose has spent the last several months infecting computers when users fell for a particular phishing style...AND that had to be done in countless networks and in countless companies across all of Ukraine yesterday

    The problem is then once it is triggered we would have seen the instant screen pop up demanding a ransom of 300 USD in bitcoin....

    So to believe that suddenly and thoroughly all across Ukraine yesterday all Ukrainian computer end users simply clicked on a phished email is nothing but stupid to say the least...and that in multiple different types of businesses and networks with varying degrees of security.

    Especially since this version seems to travel laterally ...question then arises is ...was the targeted network first hacked and then the ransom injected into the network....

    BUT then we had some good analysts saying it was a ransomware version called Petwrap.....also designed to address the #Windows SMBv1 vulnerability.

    BUT again all of these different ransomware types still take a successful phishing campaign....and again hitting all networks and all types of business models at the same time takes a well thought out attack plan and it takes the end users to be clicking on that phished email all at the same time....which is totally unnormal human behavior which phishing is designed to use in its favour.....

    At the same time this so called ransomware attack was ongoing there was a series of actual hacker attacks which hit all of the business models that were affected....and either routers and then switches were attacked and downed but only for a certain period and then they came back on line after they rebooted....and rebuilt their routing tables....

    So was this deliberate hacking event the trigger for the sudden and widespread explosion of a ransom malware attack....

    KEY is the Kaspersky statement where they stated early on that this is a malware never seen before.....Petya...NotPetya...Goldeneye.....Petwrap have all been seen before in both the wild and in attacks....so why would Kaspersky state this is something totally new and which has not been seen before???

    So exactly how does a group of ransomware used normally in the past get into a network without phishing????

    Secondly, another bad news is that currently, only a small portion of antivirus software is able to detect the threat, according to VirusTotal, only 15 out of 61 anti-virus services are able to detect Petwrap.
    Last edited by OUTLAW 09; 06-28-2017 at 07:19 AM.
