The world suffered another nightmare on Tuesday with the outbreak of a new ransomware that spreads using the same leaked exploit WannaCry used a few weeks ago. Researchers are calling it NotPetya: it is built on the Petya ransomware, but in many ways behaves like a different piece of malware and is best treated as one.
In India, companies such as Reckitt Benckiser and Beiersdorf, the maker of Nivea cream, reported being compromised. India’s largest container port, Jawaharlal Nehru Port Trust (JNPT), is also affected because AP Moller-Maersk, the Danish shipping company that operates a terminal there, was infected via its office in The Hague. Cargo containers at the terminal are being moved manually, without the port’s IT systems.
NotPetya spreads with the same leaked NSA exploit, EternalBlue, that WannaCry used in May to infect hundreds of thousands of computers. Microsoft had already fixed the underlying SMBv1 vulnerability in March 2017 with bulletin MS17-010, and after WannaCry it extended that patch to unsupported versions such as Windows XP and Server 2003, so it is an embarrassment for the companies that still have not applied it. Note that patching alone is not enough here: once NotPetya has a foothold on one machine it also harvests credentials from memory and spreads to already-patched hosts on the same network using legitimate administration tools (PsExec and WMI), so least-privilege accounts and network segmentation matter as much as the patch.
This is a particularly vicious ransomware because it does not only encrypt the victim’s files. It also overwrites the disk’s master boot record (MBR) with its own boot code, which encrypts the master file table so the operating system can no longer find any files, and then demands a ransom in bitcoin for their release. The machine is left unable to boot and the drive is effectively unusable until it is rebuilt from backup.
The widespread attack hit global and national organisations including several pharmaceutical companies, the radiation monitoring systems at Chernobyl, the National Bank of Ukraine, the Kiev metro, the British advertising firm WPP and the logistics company Maersk. The countries most affected are Ukraine, the UK, Russia, Poland, France, Denmark and the US (including Pittsburgh, where a hospital network was hit), among others.
Immediate Call to Action:
- Block the source e-mail address used for ransom correspondence: email@example.com
- Block domains:
- Block IPs:
- Apply the MS17-010 patch on every Windows host, including unsupported versions. Refer (in Russian): https://habrahabr.ru/post/331762/
- Disable SMBv1 on servers and clients
- Update anti-virus signatures
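The two items on that list that can be scripted are the patch check and the SMBv1 shutdown. The following is an added example written for this article, not a tool from Logix Infosecurity or from any vendor; it is meant to be run from an elevated PowerShell prompt on each Windows host. The KB numbers are the March 2017 MS17-010 packages for the common Windows versions and are an assumption you should confirm against the Microsoft bulletin for your exact build; the cmdlets used (Get-HotFix, Get/Set-SmbServerConfiguration, Disable-WindowsOptionalFeature, sc.exe) are standard Windows commands.

```powershell
# Added example, not part of the original article.
# Run as Administrator. Assumption: the KB list below is the MS17-010 set for
# common Windows versions; verify it against the Microsoft bulletin for your build.

# 1. Is MS17-010 present? Any one of these KBs carries the SMBv1 fix.
$ms17010Kbs = @(
    'KB4012598',                          # Windows XP / Vista / Server 2003 / 8 (post-WannaCry out-of-band release)
    'KB4012212', 'KB4012215',             # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',             # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',             # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429' # Windows 10 1507 / 1511 / 1607
)
$installed = Get-HotFix | Where-Object { $ms17010Kbs -contains $_.HotFixID }
if ($installed) {
    Write-Host "MS17-010 appears installed: $($installed.HotFixID -join ', ')"
} else {
    # Caveat: on Windows 10 a later cumulative update supersedes these KBs and
    # Get-HotFix then shows only the newest one, so an empty result there is
    # not conclusive; compare the OS build number with the bulletin instead.
    Write-Warning "No MS17-010 KB found. Patch this host before reconnecting it to the network."
}

# 2. SMBv1 server side. Windows 8 / Server 2012 and later expose it through the
#    SmbShare module; older versions (Windows 7 / 2008 R2) need the registry value.
if (Get-Command Set-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $before = (Get-SmbServerConfiguration).EnableSMB1Protocol
    Write-Host "SMBv1 server enabled before: $before"
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
} else {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0 -Force
    Write-Host "SMBv1 server disabled via registry (takes effect after reboot)."
}

# 3. SMBv1 client side: the MRxSmb10 driver must be removed from the workstation
#    service's dependency chain, otherwise this host keeps speaking SMBv1 outbound.
sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

# 4. Windows 8.1 / 10 / Server 2012 R2 and later: remove the whole optional
#    feature so it cannot be switched back on by accident. Needs a reboot.
if (Get-Command Disable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 5. After the reboot, verify on both sides. Any 1.x dialect in the connection
#    list means a peer still depends on SMBv1 and must be fixed before port 445
#    is blocked between segments.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
    Get-SmbConnection | Select-Object ServerName, Dialect
}
```

Deploy this through Group Policy or your configuration management rather than by hand, and run the verification step before blocking TCP 445 between network segments: legacy devices such as old printers and NAS boxes often still need SMBv1, and finding them this way is safer than discovering them when they stop working.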
WannaCry had many bugs, including a kill switch that allowed it to be stopped, whereas NotPetya looks like the work of professionals, and stopping it without paying the ransom is going to be a real challenge. David Kennedy (former NSA analyst and cybersecurity entrepreneur) has rightly stated: “This is going to be a big one. Real big one”.
Cloud e-mail security and advanced threat protection should be deployed immediately, both to contain the current situation and to prevent the next one. Prevention is the eternal rule of defence in the cyber world. Logix Infosecurity provides the latest technology to protect your company against such attacks, and a sandboxing security layer, which detonates suspicious attachments before they reach users, can be a powerful tool in situations like this.