Europe hit by new ransomware epidemic

A new massive wave of ransomware attacks has been detected, starting on 27 June. The infection mostly hit European countries, including Ukraine, which faces the most severe consequences. The victims of the virus, which shares many similarities with the Petya ransomware, are corporations, power suppliers, banks and regular users. The new malware uses the same Windows SMB vulnerability as the WannaCry ransomware, but also infects computers in internal networks via the WMIC interface and the PsExec program, which enables remote access and the launching of new software. Unlike the majority of ransomware, this tool does not encrypt the files themselves but rather the MFT (Master File Table) database, which stores the relevant file information.

It seems the profits won't be as high as the perpetrators expected, since a German e-mail service provider has taken down the account that served as the channel for obtaining decryption keys after payment, and thus rendered that option useless. So far, about 23 payments from victims have been registered, totalling around 6800 dollars.

