This week has been abuzz with articles on the new Petya outbreak, now commonly referred to as NotPetya. Initially, the new malware was observed to share many characteristics with last year's Petya ransomware: it rewrites the master boot record of the victim's computer with a ransom note claiming that the disk has been encrypted and giving instructions on how to pay the ransom to recover files. Early on, differences in NotPetya were noted, such as using a single email address as the point of contact rather than the Tor network to facilitate ransom payment and recovery key distribution. On June 28th, an analysis published at https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b revealed that NotPetya is, in fact, a disk wiper and not ransomware: it overwrites the disk in a way that is not reversible, likely much to the dismay of those infected.
Since not everyone is an expert on what looks suspicious, protecting your company with malware detection and security tools is important as well. Even the best protection can be circumvented with enough effort, however, so it's important not to let security tools reduce one's awareness or vigilance. In campaigns like WannaCry and NotPetya, where automated spreading through the network is built in, it only takes one infection to put an entire network at risk. This makes it critical to ensure that all operating systems and software are up to date in order to mitigate spreading through exploits like EternalBlue and EternalRomance. Combining security tools with human diligence is key to preventing infections like this from taking place.
Jonathan Tanner is a Threat Research Engineer in our Campbell office.