Sent from a reader earlier today:
- Hearing some rumors that the company Merck is having a major virus outbreak with something new and their Europe networks are affected more than their US offices. Have you heard anything on this?
A quick check reveals that, apparently, another global ransomware attack is making the rounds today.
- Forbes: Another Massive Ransomware Outbreak Is Going Global Fast (2017-06-27 14:44 UTC)
- International Business Times: It's happening again: Huge ransomware attack on computer systems spreading worldwide (updated 2017-06-27 14:23 UTC)
- The Verge: A new ransomware attack is devastating airlines, banks, and utilities across Europe (2017-06-27 14:01 UTC)
Initial reports indicate this is much like last month's WannaCry attack. According to the Verge article, today's ransomware appears to be a new Petya variant called Petyawrap. At this point, we see plenty of speculation on how the ransomware is spreading (everything from email to an EternalBlue-style SMB exploit), but nothing has been confirmed yet for the initial infection vector.
Alleged samples of this ransomware include the following SHA256 hashes:
- 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
- 8143d7d370015ccebcdaafce3f399156ffdf045ac8bedcc67bdffb1507be0b58
AlienVault Open Threat Exchange (OTX) is currently tracking this threat at:
We'll provide more information as it becomes available.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.