Following on from last month’s WannaCry outbreak, a new ransomware attack has infected at least 2,000 targets globally, including in Russia, the United States, Denmark and the Ukraine. Banks, retailers, energy firms and transport networks are among the industries affected.
Security researchers have identified the ransomware as a variant of Petya, also named “NotPetya” and “GoldenEye”, and have noted its increased sophistication compared with the WannaCry outbreak. Petya appears to spread through multiple vectors and leverages EternalBlue, the exploit tool leaked by the Shadow Brokers group.
As with WannaCry, an infected target will find their files encrypted and a ransom message displayed on the screen demanding payment in Bitcoin. The email address given for making the payment has since been shut down, so making such a payment would achieve nothing.
There is no evidence to suggest that the malware is being spread over email at this time; however, Cloudmark engineers identified and began defending customers against this attack at around 1 a.m. GMT on Wednesday, 28 June 2017.