Wide-scale Petya variant ransomware attack noted

Wide-scale Petya variant ransomware attack noted
Sent from a reader earlier today: Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices. Have you heard anything on this? A quick check reveals that, apparently, another global ransomware attack is making the rounds today. Forbes: Another Massive Ransomware Outbreak Is Going Global Fast (2017-06-27 14:44 UTC) International Business Times: It's happening again: Huge ransomware attack on computer systems 'spreading worldwide' (updated 2017-06-27 14:23 UTC) The Verge: A new ransomware attack is devastating airlines, banks, and utilities across Europe (2017-06-27 14:01 UTC) Initial reports indicate this is much like last month's WannaCry attack. According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap. At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector. Alleged samples of this ransomware include the following SHA256 hashes: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 8143d7d370015ccebcdaafce3f399156ffdf045ac8bedcc67bdffb1507be0b58 AlienVault Open Threat Exchange (OTX) is currently tracking this threat at: https://otx.alienvault.com/pulse/59525e7a95270e240c055ead/ We'll provide more information as it becomes available.	Brad 435 Posts ISC Handler Jun 27th 2017
Thread locked Subscribe	Jun 27th 2017 4 years ago
Symantec is claiming ETERNALBLUE (SMBv1) is being used as the exploit. Ref: https://twitter.com/threatintel/status/879716609203613698	da7rutrak 1 Posts
Quote	Jun 27th 2017 4 years ago
Good timing on the diary from 21 June... 'It has been a month and a bit how is your new patching program holding up?' https://dshield.org/forums/diary/It+has+been+a+month+and+a+bit+how+is+your+new+patching+program+holding+up/22540/	Nicolas 4 Posts
Quote	Jun 27th 2017 4 years ago
BLEEPING Computer: https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/ theREGISTER http://www.theregister.co.uk/2017/06/27/ransomware_outbreak_hits_ukraine/ NAKED Security (Sophos): https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/ SECURITY Week: http://www.securityweek.com/petya-ransomware-outbreak-hits-organizations-globally MOTHERboard https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now BBC http://www.bbc.com/news/technology-40416611 RECORDED Future stats show an uptick today	Brett 19 Posts
Quote	Jun 27th 2017 4 years ago
Thanks for the additional links, Brett. Definitely a lot is being written about today's attack.	Brad 435 Posts ISC Handler
Quote	Jun 27th 2017 4 years ago
Seems like wmic and psexec is being used for lateral movement too. -- Regards Falk	Falk 2 Posts
Quote	Jun 27th 2017 4 years ago
Heard same rumors about Merck, PRG employees told not to start PCs and sent home.	Anonymous
Quote	Jun 29th 2017 4 years ago