Petya-based ransomware is spreading and infecting computers around the world.

Further to reports of a massive cyber attack hitting a number of companies in Ukraine, including banks, energy companies and transport services as well as the government, Avast believes this is another example of the Petya-based ransomware, which was first identified in 2016. A few months ago, Petya ransomware was spotted patched and bundled as a different malware strain called PetrWrap. The attack appears to be spreading, with incidents being reported in Russia, India, France, Spain and also the Netherlands. Malware writers behind the attack are demanding a $300 ransom to be paid in the Bitcoin cryptocurrency.

As we analyzed this outbreak, we’ve found an infection vector tied to an updater for Ukrainian accounting software, MEDoc.

Once this modification of Petya infects the network, it continues spreading using two different methods: spreading via Windows network shares by using the victim’s stolen credentials (this is done via a bundled Mimikatz-like tool, which extracts passwords) and the legitimate tools PsExec and WMIC; and by abusing two SMB vulnerabilities, EternalBlue (the same vulnerability used to spread WannaCry) and EternalRomance. Microsoft released a patch for both vulnerabilities in March.

We have seen 12,000 attack attempts today.
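
A defender's view of the PsExec and WMIC spreading described above, as an added example that is not from the original post: it flags accounts whose remote-execution traces reach several hosts. The flat event schema, the threshold and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample events, not real telemetry. The flat field names are a
# simplified, hypothetical schema; map them from your own log pipeline.
SAMPLE_EVENTS = [
    {"host": "WS-014", "event_id": 7045, "user": "CORP\\svc-backup",
     "service_name": "PSEXESVC", "command_line": ""},
    {"host": "WS-015", "event_id": 7045, "user": "CORP\\svc-backup",
     "service_name": "PSEXESVC", "command_line": ""},
    {"host": "WS-014", "event_id": 4688, "user": "CORP\\svc-backup",
     "service_name": "",
     "command_line": 'wmic.exe /node:"WS-020" process call create "cmd.exe /c ver"'},
    {"host": "SRV-01", "event_id": 7045, "user": "CORP\\jdoe",
     "service_name": "PSEXESVC", "command_line": ""},
    {"host": "WS-030", "event_id": 4688, "user": "CORP\\jdoe",
     "service_name": "", "command_line": "wmic os get caption"},
    {"host": "WS-031", "event_id": 7045, "user": "CORP\\jdoe",
     "service_name": "PrintSpoolerHelper", "command_line": ""},
]

NODE_RE = re.compile(r'/node:\s*"?([^\s"]+)', re.IGNORECASE)
WMIC_CREATE_RE = re.compile(r"\bwmic\b.*\bprocess\s+call\s+create\b", re.IGNORECASE)


def remote_exec_targets(event):
    """Return the hosts this event shows remote execution against."""
    if event["event_id"] == 7045:  # service installed, logged on the target
        if event["service_name"].upper() == "PSEXESVC":  # PsExec default name
            return [event["host"].upper()]
    elif event["event_id"] == 4688:  # process creation, logged on the source
        cmd = event["command_line"]
        node = NODE_RE.search(cmd)
        if node and WMIC_CREATE_RE.search(cmd):
            return [h.upper() for h in node.group(1).split(",") if h]
    return []


def accounts_fanning_out(events, threshold=3):
    """Map each account to its remote-exec targets if it hit >= threshold hosts."""
    targets = defaultdict(set)
    for event in events:
        for host in remote_exec_targets(event):
            targets[event["user"].lower()].add(host)
    return {u: sorted(h) for u, h in targets.items() if len(h) >= threshold}
```

Event 4688 carries the command line only when process command-line auditing is enabled, and the threshold needs tuning against normal administrative use of PsExec and WMIC.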