The Danger Is Not Over Yet !!Another Ransomware attack!!

28 Jun

The danger is not over yet. The WannaCry ransomware is not dead, and another large-scale ransomware attack is here, shutting down computers at corporates, power supplies, and banks across Russia, Ukraine, Spain, France, the UK, India, Europe, and elsewhere. The ransom note gives wowsmith123456@posteo.net as the contact address and asks for a payment of $300 in Bitcoin.

According to multiple sources, a new variant of the Petya ransomware, also known as Petwrap, is spreading rapidly with the help of the same Windows SMBv1 vulnerability that the WannaCry ransomware abused to infect 300,000 systems and servers worldwide in just 72 hours last month.

The main culprit behind this attack is a new ransomware that researchers initially called Petya, because it resembled an older ransomware strain that encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computers. Later, it was discovered that this is a new strain altogether, which researchers have started referring to as NotPetya or Petna.

Petya is a nasty piece of ransomware and works very differently from other ransomware. Unlike traditional ransomware, Petya does not encrypt files on a targeted system one by one. Instead, it reboots the victim's computer, encrypts the hard drive's master file table (MFT), and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing the information about file names, sizes, and locations on the physical disk.

Petya replaces the computer's MBR with its own malicious code, which displays the ransom note and leaves the computer unable to boot.

Below is some useful information about the ransomware.

A researcher found that Petya encrypts the system after rebooting the computer. So if your system is infected with Petya and it tries to restart, do not power it back on.

“If machine reboots and you see this message, power off right away! This is the encryption manner. If you do not power on, documents are fine.” “Use a LiveCD or external machine to recover files”

To safeguard against any ransomware infection, you should always be suspicious of unwanted files and documents sent by email, and should never click on links inside them without first verifying the source.

The best protection from these kinds of attacks is to avoid outdated and pirated software, which does not get any security updates, and to keep secure, regular backups.

Also make sure that you run a good and effective anti-virus security suite on your system and keep it up to date. Most importantly, always browse the Internet safely.

Email address associated with infections:
wowsmith123456@posteo.net

Bitcoin address:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX

Targeted file extensions:
.3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf .cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd
.kdbx .mail .mdb .msg .nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql .tar .vbox .vbs .vcb
.vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip

Ransom note name:
README.TXT

Ransom note text:

Ooops, your important files are encrypted.
If you see this text, then your files are no longer accessible, because
they have been encrypted. Perhaps you are busy looking for a way to recover
your files, but don’t waste your time. Nobody can recover your files without
our decryption service.
We guarantee that you can recover all your files safely and easily.
All you need to do is submit the payment and purchase the decryption key.

Please follow the instructions:
Send $300 worth of Bitcoin to following address:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
Send your Bitcoin wallet ID and personal installation key to e-mail
wowsmith123456@posteo.net

Does not encrypt files in this folder:
C:\Windows;

Sources: www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/
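
The following triage script is an added example, not part of the original post or its source. It uses only the indicators listed above (contact e-mail, Bitcoin address, note name README.TXT, the targeted extensions and the C:\Windows exclusion) to check a volume mounted from a LiveCD for ransom notes and to list the files worth copying off first. The function names, the sample files and the choice to match both ASCII and UTF-16LE note encodings are assumptions made for the example.

```python
import os
import tempfile

# Indicators and extension list copied from this page.
IOCS = ("wowsmith123456@posteo.net", "1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX")
IOC_BYTES = [i.encode(e) for i in IOCS for e in ("ascii", "utf-16-le")]  # both encodings
TARGETED_EXTS = frozenset(""".3ds .7z .accdb .ai .asp .aspx .avhd .back .bak .c .cfg .conf
.cpp .cs .ctl .dbf .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .kdbx .mail .mdb .msg
.nrg .ora .ost .ova .ovf .pdf .php .pmf .ppt .pptx .pst .pvi .py .pyc .rar .rtf .sln .sql
.tar .vbox .vbs .vcb .vdi .vfd .vmc .vmdk .vmsd .vmx .vsdx .vsv .work .xls .xlsx .xvd .zip""".split())


def triage(root):
    """Walk a mounted volume; return (ransom_notes, files_with_targeted_extensions)."""
    notes, at_risk = [], []
    for dirpath, dirs, files in os.walk(root):
        if dirpath == root:  # the page says C:\Windows is not encrypted, so skip it
            dirs[:] = [d for d in dirs if d.lower() != "windows"]
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == "readme.txt":  # ransom note name from this page
                try:
                    with open(path, "rb") as fh:
                        data = fh.read(65536)  # notes are small; never read huge files
                except OSError:
                    continue  # unreadable file on a damaged volume: keep walking
                if any(ioc in data for ioc in IOC_BYTES):
                    notes.append(path)
            elif os.path.splitext(name)[1].lower() in TARGETED_EXTS:
                at_risk.append(path)
    return sorted(notes), sorted(at_risk)


def build_sample_tree(root):
    """Constructed sample files so the example runs offline."""
    samples = {"Users/a/README.TXT": "Send $300 worth of Bitcoin to " + IOCS[1],
               "Users/a/report.docx": "x", "Users/a/photo.jpg": "x",
               "proj/README.txt": "build notes", "proj/main.py": "x", "Windows/win.cfg": "x"}
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(triage(tmp))
```

On a real machine, mount the affected disk read-only from the LiveCD and pass the mount point to triage() instead of the sample tree.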

The best protection from these types of attacks is to safeguard your data with an efficient and secure backup.

Nikhil Verma
nikhil.verma@mismosystems.com