Kaspersky Lab: new ransomware attack 'likely to grow even more'

Updated 2017-06-29 08:51:27 Xinhua

Kaspersky Lab said Wednesday that the new ransomware attack that started a day ago "is likely to grow even more."

In an updated blog posting, the multinational cybersecurity and anti-virus services provider said its experts concluded that the new malware is significantly different from all earlier known versions of Petya, a family of encrypting ransomware that was first discovered in 2016.

Petya targets Microsoft Windows-based software systems, infecting the master boot record to execute a payload that encrypts the file table with the New Technology File System (NTFS) format, which is used by current Windows versions for storing and retrieving files on a hard disk or other data storage devices, demanding a payment in Bitcoin in order to regain access to the system.

Unofficially, the author of the posting noted, "we've named it ExPetr or NotPetya."

"The attack appears to be complex, involving several attack vectors," according to the posting. "We can confirm that a modified EternalBlue exploit is used for propagation, at least within corporate networks."

EternalBlue, generally believed to have been developed by the U.S. National Security Agency (NSA) to exploit a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, was made available on the internet by the Shadow Brokers hacker group on April 14.

Although it was patched by Microsoft on March 14, EternalBlue was used as part of the worldwide WannaCry ransomware attack on May 12.

As in the WannaCry case, the attacker behind the new ransomware tried to extort payment equivalent to 300 U.S. dollars in Bitcoin, a cryptocurrency, from its victims for what the attacker called a "decryption key."

However, notifying it does not advocate paying the ransom, Kaspersky Lab said German email service provider Posteo has already shut down the email address that victims were supposed to use to contact blackmailers and send Bitcoins, and from which they would receive decryption keys; therefore, with the email address blocked, victims won't be able to pay the criminals or get their files back.

While the cybercriminals behind the new ransomware target mostly big enterprises, and home users seem to be less affected by the threat, Kaspersky Lab recommends its customers to back up data, manually update the antivirus databases and install all security updates for Windows.

Also in the News

Nicole Kidman Recalls Oscar Glory: Loneliest Time
Showbiz2016/06/16 13:58July 17 2018 23:12:09

Nicole Kidman Recalls Oscar Glory: Loneliest Time

Attending Shanghai International Film Festival, Nicole Kidman talks about her role in "Grace of Monaco".

Labor Day Travel Peak Starts
Also in the News2014/05/01 12:16July 17 2018 23:12:09

Labor Day Travel Peak Starts

Johnny Depp Delivers a Speech 'Evolve the Future' in 'Transcendence'
Also in the News2014/04/18 13:18July 17 2018 23:12:09

Johnny Depp Delivers a Speech 'Evolve the Future' in 'Transcendence'

Hollywood star Johnny Depp's speech in the upcoming new film "Transcendence" has been disclosed on Friday, April 11th.

Most Watched

China World Business Sports Showbiz Audio
C4 My Chinese Life The Sound Stage China Revealed Showbiz Video Travel Video
China World Fun Travel Entertainment Sports
Beijing Shanghai Guangzhou
Live Music Opera & Classical Movies Traditional Shows Exhibitions
Learn Chinese:
Chinese Studio Living Chinese Everyday Chinese Just For Fun Chinese Culture Buzzwords