Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Wide-scale Petya variant ransomware attack noted

Published: 2017-06-27
Last Updated: 2017-06-27 15:04:50 UTC
by Brad Duncan (Version: 1)
6 comment(s)

Sent from a reader earlier today:

  • Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices.  Have you heard anything on this?

A quick check reveals that, apparently, another global ransomware attack is making the rounds today.

Initial reports indicate this is much like last month's WannaCry attack.  According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap.  At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector.

Alleged samples of this ransomware include the following SHA256 hashes:

AlienVault Open Threat Exchange (OTX) is currently tracking this threat at:

We'll provide more information as it becomes available.

Keywords:
6 comment(s)
Diary Archives