Petya Ransomware Causing Massive Attack

Thousands of computers around the globe have been hit by a new ransomware called Petya. Similar to WannaCry, the new ransomware is using the Ethernal Blue exploit as one of it mean to propagate itself inside network. After infecting the computers, victims are asked to pay $300 in bitcoins to regain access to their machine.
Several high profile firms have already been affected by the new ransomware. In Ukraine, the Ukraine’s central bank, the Kiev Boryspil Airport, Ukrenego electricity supplier, municipal metro, and state telecom have been attacked.

The international logistics company MAERSK has announced on its twitter account it has fallen victim of Petya ransomware.

 Researchers from Hacker Fantastic have noticed that the encryption process takes place after the infected windows device is rebooted. If devices are not powered on again, files will not be encrypted.

University College London (UCL) Suffered a Major Ransomware Attack


The University College London was hit by a major Ransomware attack on June 15 2017. The Ransomware infected personal and shared drives in the network and the UCL's information Security Team is working with the affected users to identify the exact source of the infection.
According to press release of the University, this could be a zero-day attack as the virus did not show any suspicious activity.

"We are continuing to investigate the infection that is affecting UCL users. Our current hypothesis is that the malware infection occurred through users visiting a website that has been compromised rather than being spread via email attachments. However this remains unconfirmed at the moment."

The security team later confirmed that the attack was not via email but by visiting infected website.
"We have continued to analyse the infection across the UCL filestore and the method of infection this is still ongoing. We have not seen any more users affected by the malware. We no longer think the infection came from an infected email but from users accessing a compromised website. Please be vigilant if you notice an unexpected popup or other unusual behaviour when you access a website close the browser and report it to Service Desk."

At the time of writing, the Security team were still restoring the infected drives.
Source: [UCL ISD News]

Visitors

Free counters!

Translate

MauriHackerS - Providing Latest IT Security and Hacking News !