New Petya Ransomware Attack Prevented by Minerva


A new Petya ransomware variant is spreading fast and appears to be more destructive than ransomware we have seen before. This post summarizes what is known so far and shows how the attack is prevented with Minerva.

Over the last 12 hours, a new ransomware campaign has been causing mayhem in what appears to be one of the most catastrophic and aggressive ransomware attacks seen to date.

The ransomware is related to the Petya/Petwrap family, which first appeared over a year ago. The new variant, however, does not spread only through conventional phishing emails: like the WannaCry campaign, it uses the leaked NSA ETERNALBLUE exploit (the SMBv1 flaw fixed by MS17-010) to propagate over SMB to other machines on the infected network. Public analyses of this outbreak also documented lateral movement with credentials harvested from the infected host, via PsExec and WMIC, so a host that has applied MS17-010 can still be infected from a compromised neighbour; patching is necessary but not sufficient on its own.

Once the machine is infected and the critical disk sectors (the MBR at the start of the drive) have been overwritten, a scheduled task is created that forces a reboot in one hour.

As a fallback, it can also force a restart by triggering a blue screen of death (BSoD) through the undocumented NtRaiseHardError native API.
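The scheduled-task path described above leaves a visible artifact on the host before the reboot fires. The following is an added example (not Minerva's code) that parses the verbose CSV output of `schtasks /Query /FO CSV /V` and flags any task whose action is shutdown.exe with a restart switch; only a subset of the real columns is reproduced, and the sample rows are constructed for the example rather than taken from a real host. It does not cover the NtRaiseHardError fallback, which leaves no task behind.

```python
"""Flag scheduled tasks whose action forces a reboot.

Added example (not Minerva's code). It parses the verbose CSV produced by
`schtasks /Query /FO CSV /V`; only the columns used here are reproduced and
the sample rows are constructed, not taken from a real host.
"""
import csv
import io
import re

# Constructed sample in the verbose schtasks CSV layout (column subset).
SAMPLE_CSV = """\
"HostName","TaskName","Next Run Time","Status","Task To Run","Schedule Type","Run As User"
"WS01","\\Microsoft\\Windows\\Defrag\\ScheduledDefrag","N/A","Ready","%windir%\\system32\\defrag.exe -c -h -k -g -$","Weekly","SYSTEM"
"WS01","\\","27/06/2017 15:35:00","Ready","C:\\Windows\\system32\\shutdown.exe /r /f","One Time Only","SYSTEM"
"WS01","\\Adobe Acrobat Update Task","28/06/2017 12:00:00","Ready","C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe","Daily","SYSTEM"
"""

# shutdown or shutdown.exe, optionally quoted, as the executable of the action.
SHUTDOWN_RE = re.compile(r'(?:^|[\\/"\s])shutdown(?:\.exe)?"?(?=\s)', re.IGNORECASE)
RESTART_SWITCHES = {"/r", "-r", "/g", "-g"}   # restart; /g also restarts registered apps
FORCE_SWITCHES = {"/f", "-f"}                 # close applications without warning


def forces_reboot(command: str) -> bool:
    """True if the task action invokes shutdown.exe with a restart switch."""
    match = SHUTDOWN_RE.search(command)
    if not match:
        return False
    switches = {tok.lower() for tok in command[match.end():].split()}
    return bool(switches & RESTART_SWITCHES)


def find_reboot_tasks(csv_text: str) -> list:
    """Return one record per task that forces a restart."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        action = row.get("Task To Run", "")
        if not forces_reboot(action):
            continue
        tokens = {tok.lower() for tok in action.split()}
        findings.append({
            "task": row["TaskName"],
            "command": action,
            "schedule": row.get("Schedule Type", ""),
            "run_as": row.get("Run As User", ""),
            "forced": bool(tokens & FORCE_SWITCHES),
        })
    return findings


if __name__ == "__main__":
    # On a live host replace SAMPLE_CSV with the output of:
    #   subprocess.run(["schtasks", "/Query", "/FO", "CSV", "/V"],
    #                  capture_output=True, text=True).stdout
    for finding in find_reboot_tasks(SAMPLE_CSV):
        print(finding)
```

A one-time task running as SYSTEM whose only action is a forced restart is unusual on a workstation, which is why the record carries the schedule type and account alongside the command; a hit is a reason to pull the disk offline before the task fires, not a confirmation on its own.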

After the reboot a fake CHKDSK screen is displayed (screenshot in the original post); while it appears to be repairing the disk, the malicious bootloader is encrypting the file-system structures.

It is followed by a ransom note (screenshot in the original post).

Unlike most ransomware, which encrypts individual files and leaves the system running, this family hijacks the machine at the boot level: the original MBR is replaced by the attacker's bootloader, so Windows never loads and no program can run until the disk is restored.
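Because the damage is done by replacing the boot sector, a baseline of the first sector taken from a clean image is a cheap integrity check. The following is an added example (not Minerva's code) that compares a 512-byte MBR against a recorded digest of its boot code and a copy of its partition table. The sectors are constructed in memory so the check runs anywhere; reading the real sector on a Windows host (`open(r"\\.\PhysicalDrive0", "rb")`, administrator required) is an assumption about deployment, not something the post describes.

```python
r"""Compare a disk's first sector (MBR) against a known-good baseline.

Added example, not Minerva's code. The sectors below are constructed in
memory so the check runs anywhere; reading the real sector is an assumption
about deployment (Windows, administrator):
    with open(r"\\.\PhysicalDrive0", "rb") as disk:
        sector = disk.read(512)
"""
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)          # x86 boot code
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"       # bytes 510..511


def build_sector(boot_code: bytes, partitions: bytes) -> bytes:
    """Assemble a constructed MBR: code, disk signature, partition table, 0x55AA."""
    if len(boot_code) > 440 or len(partitions) != 64:
        raise ValueError("boot code must be <= 440 bytes, partition table exactly 64")
    sector = boot_code.ljust(440, b"\x00")
    sector += b"\x12\x34\x56\x78" + b"\x00\x00"   # NT disk signature + reserved
    sector += partitions
    sector += BOOT_SIGNATURE
    return sector


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 of the executable part of the MBR; record this from a clean image."""
    return hashlib.sha256(sector[BOOT_CODE]).hexdigest()


def check_mbr(sector: bytes, baseline_digest: str, baseline_partitions: bytes) -> list:
    """Return a list of deviations from the baseline (empty means unchanged)."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return [f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}"]
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("0x55AA boot signature missing")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline (possible bootloader replacement)")
    if sector[PARTITION_TABLE] != baseline_partitions:
        findings.append("partition table differs from baseline")
    return findings


# Constructed "clean" boot code: the classic Windows MBR prologue
# (xor ax,ax / mov ss,ax / mov sp,7C00h / mov es,ax / mov ds,ax) plus padding.
GOOD_BOOT_CODE = bytes.fromhex("33c08ed0bc007c8ec08ed8") + b"\x90" * 16
# One active NTFS partition starting at LBA 2048; the other three entries empty.
GOOD_PARTITIONS = (
    b"\x80" + b"\x20\x21\x00" + b"\x07" + b"\xfe\xff\xff"
    + (2048).to_bytes(4, "little") + (0x03FFFFFF).to_bytes(4, "little")
    + b"\x00" * 48
)
GOOD_SECTOR = build_sector(GOOD_BOOT_CODE, GOOD_PARTITIONS)
BASELINE_DIGEST = boot_code_digest(GOOD_SECTOR)

# Constructed tampered sector: different code in the boot area, table untouched.
TAMPERED_SECTOR = build_sector(bytes.fromhex("fa31c08ed8") + b"\xcc" * 32, GOOD_PARTITIONS)


if __name__ == "__main__":
    for name, sector in (("clean", GOOD_SECTOR), ("tampered", TAMPERED_SECTOR)):
        print(name, check_mbr(sector, BASELINE_DIGEST, GOOD_PARTITIONS) or "OK")
```

The partition table is compared byte-for-byte rather than hashed because a legitimate change there (a resize, a new volume) should be explainable from change records, whereas the boot code of a given Windows build should not change at all between patches.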

So far, more than 1.8 BTC (just under $5,000 at the time of writing) has been transferred to the wallet associated with this attack in 18 separate transactions, and the amount is likely to rise in the coming days.

Preventing the New Petya Attack

Minerva's Anti-Evasion Platform prevents Petya's malicious code-injection attempt, thwarting the attack before any damage is done. Minerva's technology deceives the malware about its ability to interact with other processes and denies it access to memory, credit card data and other sensitive information. This approach is effective against a variety of memory-injection techniques and also addresses the growing threat of fileless malware.


Request a demo to see it in action.

IoC

SHA256

027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1



Bitcoin Wallet

https://blockchain.info/address/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
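The two SHA256 values above are only useful if they are actually swept across hosts. The following is an added example (not Minerva's code) that hashes every regular file under a directory tree in streamed fashion and reports matches against the page's IoC set; `self_check()` builds constructed files in a temporary directory so the scan can be exercised without a malware sample.

```python
"""Sweep a directory tree for files matching the SHA256 IoCs above.

Added example, not Minerva's code. The IoC digests are the two listed on
this page; self_check() builds constructed files in a temporary directory
so the scan can be exercised without a sample.
"""
import hashlib
import os
import tempfile

IOC_SHA256 = {
    "027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745",
    "64b0b58a2c030c77fdb2b537b2fcc4af432bc55ffb36599a31d418c7c69e94b1",
}
MAX_FILE_SIZE = 64 * 1024 * 1024   # skip huge files; the samples are small PE files


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Streamed SHA-256 so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_tree(root: str, iocs=IOC_SHA256, max_size: int = MAX_FILE_SIZE) -> list:
    """Return (path, sha256) for every regular file under root whose digest is an IoC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > max_size:
                    continue
                digest = sha256_file(path)
            except OSError:
                continue   # locked, unreadable or removed while scanning
            if digest.lower() in iocs:
                hits.append((path, digest))
    return hits


def self_check() -> tuple:
    """Constructed files: none matches the page IoCs; one matches a planted digest."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        planted = b"constructed sample bytes, not malware"
        with open(os.path.join(root, "sub", "suspect.dll"), "wb") as fh:
            fh.write(planted)
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"constructed benign file")
        real_hits = scan_tree(root)
        planted_hits = scan_tree(root, iocs={hashlib.sha256(planted).hexdigest()})
        return len(real_hits), len(planted_hits), [os.path.basename(p) for p, _ in planted_hits]


if __name__ == "__main__":
    print(self_check())
    # Live use on a Windows host, run elevated:  scan_tree(r"C:\Windows")
```

Hash matching catches only the exact samples listed; a repacked build will not match, so treat a clean sweep as "these two files are absent", not as "the host is clean".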

About Minerva Labs
Minerva Labs is an innovative endpoint security solution provider that protects enterprises from today's stealthiest attacks without the need to detect threats first, all before any damage has been done. Minerva's Anti-Evasion Platform blocks threats that bypass antivirus and other baseline protection solutions by deceiving the malware and controlling how it perceives its environment. Without relying on signatures, models or behavioral patterns, the solution causes the malware to disarm itself, thwarting the attack before the need to engage costly security resources.
