{"id":17314,"date":"2017-06-27T13:42:39","date_gmt":"2017-06-27T17:42:39","guid":{"rendered":"https:\/\/www.kaspersky.com.au\/blog\/?p=17314"},"modified":"2019-11-15T22:42:12","modified_gmt":"2019-11-15T11:42:12","slug":"new-ransomware-epidemics","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/new-ransomware-epidemics\/17314\/","title":{"rendered":"New ransomware outbreak"},"content":{"rendered":"<p>Just a few hours ago, a global ransomware outbreak began, and it looks to be as big as the <a href=\"https:\/\/www.kaspersky.com.au\/blog\/wannacry-ransomware\/16518\/\" target=\"_blank\" rel=\"noopener noreferrer\">WannaCry story<\/a> that broke not so long ago.<\/p>\n<p>Those few hours were enough for several large companies from different countries to report infection, and the magnitude of the epidemic is likely to grow even more.<\/p>\n<p>It\u2019s not yet clear what exactly the new ransomware is. Some thought it might be either some variation of <a href=\"https:\/\/www.kaspersky.com.au\/blog\/petya-ransomware\/11715\/\" target=\"_blank\" rel=\"noopener noreferrer\">Petya<\/a> (be it Petya.A, Petya.D, or <a href=\"https:\/\/securelist.ru\/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks\/30388\/\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">PetrWrap<\/a>), or that it could be WannaCry (it\u2019s not). Kaspersky Lab experts are now investigating this new threat, and as soon as they come up with solid facts, we\u2019ll update this post.<\/p>\n<p>This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within corporate networks. 
<a href=\"https:\/\/securelist.com\/schroedingers-petya\/78870\/\" target=\"_blank\" rel=\"noopener noreferrer\">More technical info on the attack<\/a>.<\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/06\/27133735\/wannamore-ransomware-screenshot.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/06\/27133735\/wannamore-ransomware-screenshot.jpg\" alt=\"\" width=\"1280\" height=\"745\" class=\"aligncenter size-full wp-image-17316\"><\/a><\/p>\n<p>For now, know that Kaspersky Lab\u2019s products detect the new ransomware using Kaspersky Security Network (KSN) with a verdict UDS:DangerousObject.Multi.Generic. Here\u2019s what we recommend our customers do:<\/p>\n<ol>\n<li>Make sure that the Kaspersky Security Network and System Watcher components are turned on.<\/li>\n<li>Manually update the antivirus databases <b>immediately<\/b>. It\u2019s also worth updating them several times in the next few hours.<\/li>\n<li>As an additional means of protection, you can also use the AppLocker feature to disable execution of a file called <i>perfc.dat<\/i> and the PSExec utility from the Sysinternals Suite.<\/li>\n<li>Install all security updates for Windows. The one that fixes bugs exploited by EternalBlue is especially important. 
<a href=\"https:\/\/www.kaspersky.com.au\/blog\/wannacry-windows-update\/16593\/\" target=\"_blank\" rel=\"noopener noreferrer\">Here we explain how to do it<\/a>.<\/li>\n<\/ol>\n<p>According to an <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/new8xw\/hacker-behind-massive-ransomware-outbreak-cant-get-emails-from-victims-who-paid\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">update seen in Motherboard<\/a>, German email provider Posteo has shut down the e-mail address that was supposed to be used by victims to contact blackmailers, confirm bitcoin transactions and receive decryption keys. What this means is that victims who would look to pay the criminals can no longer get their files back. At Kaspersky Lab, we do not advocate paying the ransom, and in this case it seems to be pointless anyway. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new ransomware outbreak is happening right now. 
Here&#8217;s what we know so far and what you can do to protect yourself from the threat.<\/p>\n","protected":false},"author":40,"featured_media":17315,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2646],"tags":[478,1680,2545,574,2544,1511,420,422,723,2510],"class_list":{"0":"post-17314","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-blockers","10":"tag-cryptors","11":"tag-epidemics","12":"tag-news-2","13":"tag-outbreak","14":"tag-petya","15":"tag-ransomware","16":"tag-threats","17":"tag-trojans","18":"tag-wannacry"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/new-ransomware-epidemics\/17314\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/new-ransomware-epidemics\/8698\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/new-ransomware-epidemics\/4712\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/new-ransomware-epidemics\/11710\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/new-ransomware-epidemics\/11249\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/new-ransomware-epidemics\/10732\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/new-ransomware-epidemics\/13581\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/new-ransomware-epidemics\/13641\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/new-ransomware-epidemics\/17855\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/new-ransomware-epidemics\/17314\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/new-ransomware-epidemics\/9226\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/new-ransomware-epidemi
cs\/9204\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/new-ransomware-epidemics\/6963\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/new-ransomware-epidemics\/16631\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/new-ransomware-epidemics\/17314\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/threats\/","name":"threats"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/17314","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/40"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=17314"}],"version-history":[{"count":7,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/17314\/revisions"}],"predecessor-version":[{"id":24228,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/17314\/revisions\/24228"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/17315"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=17314"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=17314"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=17314"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}