HU: New Petya style ransomware demanding 300 Bitcoin

gman5250

Charter Member
Just wanted to post this heads up.

There's a new ransomware, similar to the WannaCry and using the same protocols, on the loose right now.

Be cautious with downloads, even from trusted vendors. It's more prevalent in Europe, and demanding 300 Bitcoin...again. It's disguising itself as an approved Microsoft file, so it initially got by some antivirus programs. I wouldn't count on the latest Win10 update to have the protections for this one built in yet.

FYI...
 
Thanks for the warning.


It's still imperative to use grey matter as a first line defense when downloading files and to keep Windows updated.
 
It's hitting Australia and is expected to hit New Zealand next.

From what I have heard it is traveling via email in an attachment. Don't get tricked into opening attachments. I would hope downloads will be ok.
 
300 US dollars are demanded, not 300 bitcoins - a ruinous sum. Reports are that machines hit are those which haven't updated despite the last outbreak, so if you think WannaCry was dealt with and you don't need to do anything to avoid it, you're wrong and should get security updates right away. This one uses the same vulnerabilities, so don't be an ostrich and stick your head in the sand!
 


Yep... $300 worth of Bitcoin...not 300 Bitcoin. That would be a tidy sum. :dizzy:


So far ESET has proved to be the best security I have employed to date.
Win10 did another update this AM, and I'm still running within tolerances.

As a precaution, I back up all of my work daily to an external that is only connected to the system during data transfer.

Thanks for the data correction Tom. :encouragement:
 
Thanks for the reminder, my 2 MyBooks are now disconnected. That would be 4TB of data lost in the event :encouragement:
 
As Tuesday's ransomware attack continues to spread around the world, several security analysts are saying that this virus may not be ransomware after all. New reports are claiming the virus has been designed to permanently delete a system's Master Boot Record before a victim even gets the chance to read the ransom demand. This points to the virus potentially using the guise of ransomware as cover for a more destructive and politically-orientated cyberattack.
Early reports hypothesizing the source of the infection as coming from some Ukrainian accounting software called MeDoc have now been confidently verified by Microsoft. The company's security blog says, "Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process."

This is interesting from the article...

The allegations that this virus was a cyberattack disguised as ransomware certainly fit with the strangely inept and complicated ransom method outlined by the virus. The odd tactic of using a single Bitcoin wallet and asking victims to email a specific email address is not only unconventional for a ransomware attack, but also fundamentally ineffective. As the email address attached to the ransomware demand was quickly inactivated by the company owning the domain, it seemed to suggest that money was not the primary motive of this attack.

More info...

http://newatlas.com/notpetya-cyberattack-disguised-ransomware-ukraine/50265/
 