[Skunkworks] New Ransomware

Alex Gitahi alexkgitahi at gmail.com
Wed Jun 28 12:02:53 EAT 2017

Hi Listers,



[image: McAfee Shield]

Dear McAfee Customer,

Just over a month ago we reached out to you to educate you about the
WannaCry ransomware that impacted more than 150 countries. Today we have
another global cyberattack taking place. A new strain of ransomware is
spreading rapidly. Called Petya, or Petwrap, ransomware, it has hit
companies everywhere across Europe today, including Ukraine's government
facilities, electric grids, banks, and public transportation, demanding a
$300 ransom in Bitcoin in the process. It has since spread to companies
around the world.

So how does this Petya attack work, exactly? Going after Windows servers,
PCs, and laptops, this cyberattack appears to be an "updated variant" of
the Petya malware virus. It uses the SMB (Server Message Block)
vulnerability that WannaCry did, however in the case of Petya it encrypts,
among other files, your master boot file. These messages recommend you
conduct a system reboot, after which the system is inaccessible. This
basically means the operating system won't be able to locate files.

Now, the next question is - does this affect you, and what should you do to
stay secure? Though this attack is largely targeting companies, it's
important you stay vigilant and take precautionary measures. We encourage
you to follow these tips to help stay safe:

*Always make sure your McAfee anti-virus is up-to-date* to maximize the
protection available to you.

*Don't click too quickly.* This attack may be spreading through phishing or
spam emails, so make sure you check an email's content for legitimacy.
Hover over a link and see if it's going to a reliable URL. Or, if you're
unsure about an email's content or the source it came from, do a quick
search and look for other instances of this campaign, and what those
instances could tell you about the email's legitimacy.

*Do a complete back up.* Back up all your PCs immediately. If your machine
becomes infected with Petya ransomware, your data could become completely
inaccessible. Make sure you cover all your bases and have your data stored
on an external hard drive or elsewhere.

*Apply system and application updates.* This is spreading in organizations
using the same technique as WannaCry. Making sure your operating system is
up to date will help contain the spread of this malware.

You can stay updated on the Petya ransomware attack by checking our blog
site here

Gary J. Davis
Chief Consumer Security Evangelist
McAfee, LLC
Follow me on Twitter @GaryJDavis for breaking cybersecurity news.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.my.co.ke/pipermail/skunkworks/attachments/20170628/84ce45d6/attachment.html>

More information about the skunkworks mailing list