A new ransomware attack called Petya, PetyaWrap, or GoldenEye began spreading worldwide on June 27th, and it looks similar to the WannaCry outbreak in May. It targets Microsoft Windows operating systems and so far reports show that all systems from XP to Windows 10 are susceptible.
Petya looks to be more sophisticated than WannaCry and doesn’t have the same flaws that allowed a “killswitch” to slow down WannaCry’s progress. This means Petya may be a more virulent attack and harder to slow down and stop, although experts are saying they hope the patching of the known exploits it uses after the WannaCry outbreak may limit its impact.
Petya delivers two nasty payloads: ransomware which targets a computer’s entire file system and an information stealer which extracts usernames and passwords from other machines in the network.
So far, this outbreak takes advantage of the same EternalBlue exploit as last month’s WannaCry attack. It also targets another exploit called EternalRomance. Both of these exploits were patched by Microsoft in March. There may also be infection methods that work by using other vulnerabilities and tools, and Petya can spread to machines that are already patched against the EternalBlue and EternalRomance exploits.
Are you protected? What should you do next?
If you would like us to help you ensure that your systems and all machines on your network are patched and protected, please contact us.
Worried you are infected?
If you believe you have been infected by this Petya outbreak or any other strain of ransomware, please contact Spire Tech immediately so we can help you.