Collaborate Disseminate
Data collected from the freely available scanner called EternalBlues shows that tens of thousands of computers remain vulnerable to the SMBv1 vulnerability that spawned WannaCry and ExPetr. Continue reading Scanner Shows EternalBlue Vulnerability Unpatched on Thousands of Machines
The key to decrypt the original Petya ransomware has been reportedly released by the ransomware’s author. Continue reading Decryption Key to Original Petya Ransomware Released
A Ukrainian software company at the center of an international ransomware outbreak was reportedly warned about its insufficient digital security multiple times, and new evidence shows it had been compromised by hackers before last week’s incident. M.E.Doc, a Ukrainian software firm that develops accounting software that is mandated by the country’s government, is widely considered to be the “patient zero” behind ExPetr, a unique ransomware variant that first appeared on June 27 with the capability of spreading quickly across local networks and deleting data. Cybersecurity researchers with Czech security firm ESET published evidence Tuesday that hackers were able to successfully penetrate M.E.Doc in the months preceding the major attack and had installed a series of backdoors. These implants would allow a hacker to remotely execute numerous commands and upload other malicious code. Such a backdoor may have been originally leveraged to launch ExPetr. It’s also possible that the attacker had […]
The post ‘Patient zero’ of global ransomware incident was warned and owned before outbreak appeared first on Cyberscoop.
Continue reading ‘Patient zero’ of global ransomware incident was warned and owned before outbreak
Researchers have found links between the BlackEnergy APT group and threat actors behind the ExPetr malware used in last month’s global attacks. Continue reading Researchers Find BlackEnergy APT Links in ExPetr Code
Mike Mimoso and Chris Brook discuss this week’s ExPetr global ransomware outbreak, how it was distributed, the wiper aspect, and similarities to 2016’s Petya ransomware.
The global outbreak of the Petya/ExPetr malware wasn’t a ransomware attack, it was wiper malware aimed to sabotage, according to experts. Continue reading ExPetr Called a Wiper Attack, Not Ransomware
Researchers at Kaspersky Lab have discovered an error in the ExPetr ransomware code that prevents recovery of lost data. Continue reading ‘Little Hope’ to Recover Data Lost to Petya Ransomware
Microsoft has made a definitive link between MEDoc and initial distribution of the Petya ransomware. Kaspersky Lab, meanwhile, has identified a Ukrainian government website used in a watering hole attack. Continue reading New Petya Distribution Vectors Bubbling to Surface