New ransomware outbreak
Credit to Author: Marvin the Robot| Date: Tue, 27 Jun 2017 17:42:39 +0000
Just a few hours ago, a global ransomware outbreak began, and it looks to be as big as the WannaCry story that broke not so long ago.
Those few hours were enough for several large companies from different countries to report infection, and the magnitude of the epidemic is likely to grow even more.
It’s not yet clear what exactly the new ransomware is. Some thought it might be either some variation of Petya (be it Petya.A, Petya.D, or PetrWrap), or that it could be WannaCry (it’s not). Kaspersky Lab experts are now investigating this new threat, and as soon they come up with solid facts, we’ll update this post.
This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within corporate networks.
For now, know that Kaspersky Lab’s products detect the new ransomware using Kaspersky Security Network (KSN) with a verdict UDS:DangerousObject.Multi.Generic. Here’s what we recommend our customers do:
- Make sure that the Kaspersky Security Network and System Watcher components are turned on.
- Manually update the antivirus databases immediately. It’s also worth updating them several times in the next few hours.
- As an additional means of protection, you can also use the AppLocker feature to disable execution of a file called perfc.dat and the PSExec utility from the Sysinternals Suite.
- Install all security updates for Windows. The one that fixes bugs exploited by EternalBlue is especially important. Here we explain how to do it.