Govt issues warning about new wave of Petya ransomware
- 28 June, 2017 08:40
Image credit: McAfee
The Australian government’s cyber security minister, Dan Tehan, has called on businesses to take urgent action to protect themselves in the wake of a new global wave of ransomware.
The new ransomware outbreak emerged in Europe, hitting a number of major enterprises, including Ukrainian government systems.
“Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism, and other research, we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc,” a Talos blog entry stated.
Security vendor McAfee said the ransomware appeared to be a new variant of Petya (dubbed NotPetya) that exploits the same SMB1 vulnerability as WannaCry to propagate.
"We are aware of the situation and monitoring it closely; we are in contact with our Five Eyes partners," Tehan said. "It appears to be the same vulnerability as WannaCry."
In Australia, the most high-profile victim of WannaCry was Victoria Police, which cancelled hundreds of speeding and red-light tickets that had been issued by traffic cameras infected with the malware.
Tehan urged businesses to visit the website of the Australian Cyber Security Centre (ACSC) or phone 1300 292371 (1300CYBER1) for more information.
McAfee in its analysis noted that Petya has been around since March 2016. In addition to encrypting a victim’s files, the malware will encrypt a system’s master boot record (MBR).
“The new variant found today has further increased its nastiness by adding a spreading mechanism similar to what we saw in WannaCry just a few weeks ago,” McAfee said.
“Petya comes as a Windows DLL with only one unnamed export, and uses the same Eternal Blue exploit when it attempts to infect remote machines,” the company’s analysis stated.
The vulnerability exploited by the malware has already been patched by Microsoft, which earlier this year also released patches for older versions of Windows that it no longer supports.