A massive ransomware attack mainly hit Ukraine in the last month, but some experts say it is spreading globally. Organizations in multiple countries have been hit by this second global-scale ransomware, which may be described as a variant of the Petya ransomware and has been dubbed “NotPetya Ransomware”. It has disrupted many organizations, including those in critical infrastructure sectors, in Russia, Ukraine, France, Spain, the Netherlands, Denmark and India.
Among those already infected or victimized by this campaign are Russia’s top oil company Rosneft, Danish shipping giant A.P. Moller-Maersk, Russian metals manufacturer Evraz, Ukraine’s Boryspyl Airport, US pharmaceuticals company Merck, and radiation detection systems at Chernobyl.
However, several security analysts have described this attack as similar in some aspects to the WannaCry ransomware detected last month, and different in others. The bigger difference is that the new attacks appear more professional and harder to stop through a killswitch like the one that took the wind out of WannaCry’s sails.
Moreover, “a clever security researcher was able to capitalize on a careless mistake that was made by the attackers behind WannaCry” to stop that threat. F-Secure security advisor Sean Sullivan said that “WannaCry attackers failed because they could not handle the number of victims they created”. But the new campaign comes across as more professional: “Amateur hour is definitely over when it comes to launching the global ransomware attacks”, he said.
According to Kaspersky, its initial analysis showed that this is completely new malware that has never been seen previously. Chris Wysopal, co-founder and CTO of Veracode, said that this ongoing campaign is more similar to Petya in functionality; as a matter of fact, only two AV products were able to detect it initially, which suggests that NotPetya Ransomware is new ransomware.
Researchers at Cyphort also said that their analysis shows the malware’s initial distribution method to be a malicious link in an email sent from an unknown source. In addition to SMB shares, the new malware can also spread laterally to systems on an infected network using the Windows Management Instrumentation (WMI) feature. The company also added that its researchers had observed some payloads to include a variant of the Loki Bot information-stealing Trojan for extracting usernames and passwords from infected systems. Victims are being asked to pay approximately $300 in Bitcoin to get their data unlocked.
This new Petya variant, “NotPetya Ransomware”, is spreading using the same NSA exploit employed by the WannaCry ransomware that made waves last month, says Lenny Zeltser, Vice President of Products at Minerva, an Israel-based provider of endpoint security tools.
However, the rapid spread of the Petya variant NotPetya Ransomware shows that many companies have not implemented basic precautions, such as applying Microsoft’s patch or segmenting the network and blocking unnecessary protocols, that would have blocked this propagation mechanism.
Another researcher, Galina Antova, the co-founder of Claroty, described the situation as still evolving. Antova said that “we will know more about the malware involved – and get better insights into the potential” actors that are behind the WannaCry Ransomware.
Summing up this research, we come to the conclusion that “2017 is showing a new threat where targeted attacks are impacting the most critical industries.” Moreover, Antova says, “It’s a matter of time before we see widespread impact that will have immediate consequences for the global economy. Hence, we need to move quickly to secure our most critical networks”.