Sent from a reader earlier today:
A quick check reveals that, apparently, another global ransomware attack is making the rounds today.
Initial reports indicate this is much like last month's WannaCry attack. According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap. At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector. Alleged samples of this ransomware include the following SHA256 hashes:
AlienVault Open Threat Exchange (OTX) is currently tracking this threat at:
We'll provide more information as it becomes available.
Brad 435 Posts ISC Handler Jun 27th 2017
Jun 27th 2017 4 years ago
Symantec is claiming ETERNALBLUE (SMBv1) is being used as the exploit. Ref: https://twitter.com/threatintel/status/879716609203613698
da7rutrak 1 Posts
Jun 27th 2017 4 years ago
Good timing on the diary from 21 June... 'It has been a month and a bit how is your new patching program holding up?'
https://dshield.org/forums/diary/It+has+been+a+month+and+a+bit+how+is+your+new+patching+program+holding+up/22540/
Nicolas 4 Posts
Jun 27th 2017 4 years ago
BLEEPING Computer: https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/
theREGISTER: http://www.theregister.co.uk/2017/06/27/ransomware_outbreak_hits_ukraine/
NAKED Security (Sophos): https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/
SECURITY Week: http://www.securityweek.com/petya-ransomware-outbreak-hits-organizations-globally
MOTHERboard: https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now
BBC: http://www.bbc.com/news/technology-40416611
RECORDED Future stats show an uptick today
Brett 19 Posts
Jun 27th 2017 4 years ago
Thanks for the additional links, Brett. Definitely a lot is being written about today's attack.
Brad 435 Posts ISC Handler
Jun 27th 2017 4 years ago
Seems like wmic and psexec are being used for lateral movement too.
-- Regards Falk
Falk 2 Posts
Jun 27th 2017 4 years ago
Heard same rumors about Merck, PRG employees told not to start PCs and sent home.
Anonymous
Jun 29th 2017 4 years ago