Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A new massive attack allegedly based on Petwrap ransomware hits organizations in several states

A new wave of cyber attacks is shocking the IT industry, a massive attack leveraging the Petwrap ransomware has infected systems across the world. A new wave of cyber attacks is shocking the IT industry, a few weeks after the WannaCry massive attack, security experts are facing a new threat that is rapidly spreading. Once […]

Perwrap ransomware

A new wave of cyber attacks is shocking the IT industry, a massive attack leveraging the Petwrap ransomware has infected systems across the world.

A new wave of cyber attacks is shocking the IT industry, a few weeks after the WannaCry massive attack, security experts are facing a new threat that is rapidly spreading.

Once again it is a ransomware that is infecting computers worldwide making chaos, systems at banks, power suppliers and businesses in Europe, Russia, Ukraine,  and India have been targeted by Petwrap.

The Petwrap ransomware is a variant of the notorious Petya ransomware that encrypts files demanding $300 in bitcoins to the victims.

Like WannaCry, also Petwrap exploits the Windows SMBv1 vulnerability and the effects appear to be serious on a large scale highlighting the poor level of security of computers worldwide.

According to the security researchers Matt Suiche, founder of cyber security firm Comae Technologies, the malware use the same attack vector exploited by EternalBlue and the accompanying DoublePulsar rootkit.

https://twitter.com/msuiche/status/879709527565905921

Unlike other ransomware, Petya does not encrypt files on the infected systems but targets the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable.

Petya locks the access to the users’ data by encrypting the master file table (MFT) and replaces the computer’s MBR with its own malicious code that displays the ransom note.

Petya overwrites the MBR of the hard drive causing Windows to crash. When the victim tries to reboot the PC, it will impossible to load the OS, even in Safe Mode.

Below the ransom note that was displayed by the Petwrap ransomware:

“If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”

Petwrap ransomware

Another bad news is that currently, only a small portion of antivirus is able to detect the threat, according to VirusTotal, only 15 out of 61 anti-virus services are able to detect Petwrap.

News of attacks on financial institutions are circulating on the internet, the National Bank of Ukraine (NBU) is one of the victims of the ransomware.

The Perwrap ransomware has infected systems at Russian state-owned oil company Rosneft, while Ukrainian state electricity suppliers, “Kyivenergo” and “Ukrenergo,” were also targeted by the malware.

“We were attacked. Two hours ago, we had to turn off all our computers. We are waiting for permission from Ukraine’s Security Service (SBU) to switch them back on,” Kyivenergo’s press service said.

Many systems were infected in Ukraine, Ukrainian branch’s mining company Evraz also confirmed the infections along with the Ukraine’s local metro ,and Kiev’s Boryspil Airport.

The giant logistic company Maersk was also targeted by the malware in a serious way.

At least three Ukrainian telecommunication operators, LifeCell, Kyivstar, Ukrtelecom, have also reported Petwrap ransomware infections.

While I was writing, different opinions about the threat are circulating on the Internet, 

Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky declared that infections were traced to a “new ransomware we haven’t seen before.Stay Tuned.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Petwrap ransomware , malware)

[adrotate banner=”13″]