The new ransomware causing havoc this week is Petya (Petrwrap/GoldenEye). While it is similar to the WannaCry ransomware from last month, there are a few significant differences.

First, there is no “kill switch” for this ransomware and hence it is spreading quite rapidly.

Second, there seem to be two parts to this: the malware first tries to get administrative privileges on the local computer and encrypt the Master Boot Record (MBR) and the Master File Table (MFT). When this happens successfully, the user is completely locked out of the system. The only resolution will be to re-provision this system from scratch and rely on your backups to recover your data.

If the malware is unable to access the MBR, it incorporates another known ransomware (Mischa) to encrypt all the local files like other ransomware.

This malware is reported to propagate using the same Windows vulnerability, known as EternalBlue, that was exploited by the WannaCry ransomware. There are also reports about this ransomware gaining control over powerful system management tools like Windows PsExec and Windows Management Instrumentation.

If you have not already done so, it is extremely important to patch all your Windows systems with the updates from Microsoft.

If you use Egnyte Storage Sync, please work with your IT team to make sure that these devices are not accessible from the internet.

Rest assured that your files on Egnyte are protected. Please contact our support team if you want any help dealing with this.
