{"id":8063,"date":"2017-06-27T10:31:29","date_gmt":"2017-06-27T18:31:29","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/06\/27\/news-1840\/"},"modified":"2017-06-27T10:31:29","modified_gmt":"2017-06-27T18:31:29","slug":"news-1840","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/06\/27\/news-1840\/","title":{"rendered":"New ransomware outbreak"},"content":{"rendered":"<p><strong>Credit to Author: Marvin the Robot| Date: Tue, 27 Jun 2017 17:42:39 +0000<\/strong><\/p>\n<p>Just a few hours ago, a global ransomware outbreak began, and it looks to be as big as the <a href=\"https:\/\/blog.kaspersky.com\/wannacry-ransomware\/16518\/\" target=\"_blank\">WannaCry story<\/a> that broke not so long ago.<\/p>\n<p> <a href=\"https:\/\/d1srlirzdlmpew.cloudfront.net\/wp-content\/uploads\/sites\/92\/2017\/06\/27133416\/wannamore-ransomware-featured.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/d1srlirzdlmpew.cloudfront.net\/wp-content\/uploads\/sites\/92\/2017\/06\/27133416\/wannamore-ransomware-featured.jpg\" alt=\"New ransomware outbreak\" width=\"1460\" height=\"960\" class=\"aligncenter size-full wp-image-17315\" \/><\/a> <\/p>\n<p>Those few hours were enough for several large companies from different countries to report infection, and the magnitude of the epidemic is likely to grow even more.<\/p>\n<p>It&#8217;s not yet clear what exactly the new ransomware is. Some thought it might be either some variation of <a href=\"https:\/\/blog.kaspersky.com\/petya-ransomware\/11715\/\" target=\"_blank\">Petya<\/a> (be it Petya.A, Petya.D, or <a href=\"https:\/\/securelist.ru\/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks\/30388\/\" target=\"_blank\" rel=\"nofollow\">PetrWrap<\/a>), or that it could be WannaCry (it&#8217;s not). 
Kaspersky Lab experts are now investigating this new threat, and as soon as they come up with solid facts, we&#8217;ll update this post.<\/p>\n<p>This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within corporate networks.<\/p>\n<p> <a href=\"https:\/\/d1srlirzdlmpew.cloudfront.net\/wp-content\/uploads\/sites\/92\/2017\/06\/27133735\/wannamore-ransomware-screenshot.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/d1srlirzdlmpew.cloudfront.net\/wp-content\/uploads\/sites\/92\/2017\/06\/27133735\/wannamore-ransomware-screenshot.jpg\" alt=\"\" width=\"1280\" height=\"745\" class=\"aligncenter size-full wp-image-17316\" \/><\/a> <\/p>\n<p>For now, know that Kaspersky Lab&#8217;s products detect the new ransomware using Kaspersky Security Network (KSN) with the verdict UDS:DangerousObject.Multi.Generic. Here&#8217;s what we recommend our customers do:<\/p>\n<ol>\n<li>Make sure that the Kaspersky Security Network and System Watcher components are turned on.<\/li>\n<li>Manually update the antivirus databases <b>immediately<\/b>. It&#8217;s also worth updating them several times in the next few hours.<\/li>\n<li>As an additional means of protection, you can also use the AppLocker feature to disable execution of a file called <i>perfc.dat<\/i> and the PSExec utility from the Sysinternals Suite.<\/li>\n<li>Install all security updates for Windows. The one that fixes bugs exploited by EternalBlue is especially important. 
<a href=\"https:\/\/blog.kaspersky.com\/wannacry-windows-update\/16593\/\" target=\"_blank\">Here we explain how to do it<\/a>.<\/li>\n<\/ol>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"1894\" \/> <br \/><a href=\"https:\/\/blog.kaspersky.com\/new-ransomware-epidemics\/17314\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Marvin the Robot| Date: Tue, 27 Jun 2017 17:42:39 +0000<\/strong><\/p>\n<p>A new ransomware outbreak is happening right now. Here&#8217;s what we know so far and what you can do to protect yourself from the threat.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[12821,12290,12822,32,12288,12823,3765,714,10438,12269,12252],"class_list":["post-8063","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-blockers","tag-cryptors","tag-epidemics","tag-news","tag-outbreak","tag-petya","tag-ransomware","tag-security","tag-threats","tag-trojans","tag-wannacry"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8063","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8063"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8063\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/inde
x.php\/wp-json\/wp\/v2\/media?parent=8063"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8063"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8063"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}