Petya Ransomware is back to cause havoc


The world suffered another nightmare on Tuesday with the attack of a new ransomware, NotPetya, which uses the same malicious code as used by the WannaCry ransomware. Researchers are calling it NotPetya because it is a version of the Petya ransomware but can, in many ways, be classified as a different ransomware.

In India, companies such as Reckitt Benckiser and Beiersdorf, the maker of Nivea cream, reported compromise. India’s largest port, Jawaharlal Nehru Port Trust (JNPT), is also a victim because AP Moller Maersk, a Danish cargo carrier, got infected in its office in The Hague. The cargo containers are being moved manually, without the use of the system.

NotPetya is backed by EternalBlue, the same leaked NSA hack that WannaCry ransomware used a few days back to affect millions of computers. Microsoft had already released a patch (MS17-010, for the EternalBlue vulnerability) after WannaCry to prevent any EternalBlue hacks, so this is an embarrassment for the companies that have not updated their systems with this latest patch.

This is a particularly vicious ransomware attack because it not only encrypts the victim’s files using a highly advanced cryptographic mechanism but also locks the entire hard drive by overwriting the master boot record (MBR), and then demands a ransom in the virtual currency bitcoin for its release. It makes the drive totally unusable.

The widespread attack affected global and national organisations, including many pharmaceutical companies, the Chernobyl radiation detection systems, the Ukrainian National Bank, the Kiev metro, British advertising firm WPP and logistics company Maersk. Major countries affected by this ransomware are Ukraine, UK, Russia, Poland, France, Denmark and Pittsburgh, US and others.

Immediate Call to Action:

  1. Block source e-mail address:
  2. Block domains:
  3. Block IPs:
  4. Apply patches: Refer (in Russian):
  5. Disable SMBv1
  6. Update Anti-Virus hashes
    myguy.xls EE29B9C01318A1E23836B949942DB14D4811246FDAE2F41DF9F0DCD922C63BC6
    BCA9D6.exe 17DACEDB6F0379A65160D73C0AE3AA1F03465AE75CB6AE754C7DCB3017AF1FBD

WannaCry had many bugs and hence had a kill switch that could be used to stop it, whereas NotPetya seems to be the work of professionals, so stopping it without paying the ransom is going to be a real challenge. David Kennedy (former NSA analyst and cybersecurity entrepreneur) has rightly stated “This is going to be a big one. Real big one”.

Cloud email security and advanced threat protection should be used immediately to mitigate the situation and to prevent it in future. Prevention is the eternal rule of defence in the cyber world. Logix Infosecurity provides the latest technology to protect your company from such attacks. Security layers for sandboxing can be a powerful tool in such situations.
