Petya: The Poison Behind the Latest Ransomware Attack
Unpatched Windows machines are getting hammered again by a new ransomware attacker.
First things first: if you're running Windows, patch your systems. The latest Petya variant, reported under the name GoldenEye, spreads across networks by exploiting the SMBv1 flaw that Microsoft fixed in its March 2017 security bulletin MS17-010, so any Windows PC that still lacks that update is an open door. Microsoft judged the bug serious enough that it even shipped the fix for the unsupported Windows XP (in May, after WannaCry). Patching closes the EternalBlue path, but do not stop there: this variant also moves between machines using harvested credentials over PsExec and WMI, so a patched host on a network with one unpatched neighbour is not safe either.
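The check that follows from the paragraph above, as an added example that is not part of the original article: a PowerShell audit, run from an elevated prompt, of whether an MS17-010 package is installed and whether SMBv1 (the protocol EternalBlue abuses) is still enabled on the host. The KB numbers are the MS17-010 packages as I recall them from Microsoft's bulletin and are listed here as an assumption to verify against the bulletin for your OS build; later Windows 10 cumulative updates supersede them and will not appear under these numbers, so a "missing" verdict needs a second look before it is trusted.

```powershell
# Added example, not code from the original article.
# Audits one Windows host for (1) an installed MS17-010 package and
# (2) the SMBv1 server/feature state. Run in an elevated PowerShell prompt.

# KB numbers assumed from Microsoft's MS17-010 bulletin; verify for your build.
$ms17010Kbs = @(
    'KB4012212', 'KB4012215',   # Windows 7 / Server 2008 R2 (security-only, monthly rollup)
    'KB4012213', 'KB4012216',   # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',   # Server 2012
    'KB4012598',                # XP, Vista, Server 2003, Server 2008, Windows 8
    'KB4012606', 'KB4013198', 'KB4013429'  # Windows 10 1507 / 1511 / 1607 cumulative updates
)

function Test-Ms17010Installed {
    # Returns the matching HotFixIDs; an empty result means none of the listed
    # packages is present by KB number (a superseding update may still cover it).
    Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $ms17010Kbs -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID
}

function Get-Smb1State {
    # Server-side SMBv1 switch (cmdlet exists on Windows 8 / Server 2012 and later).
    $serverEnabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Optional-feature view also covers the SMBv1 client binary on Windows 8.1 / 10.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    $featureState = if ($feature) { $feature.State } else { 'n/a' }
    [pscustomobject]@{
        ServerEnabled = $serverEnabled
        FeatureState  = $featureState
    }
}

$installed = @(Test-Ms17010Installed)
if ($installed.Count -gt 0) {
    Write-Host "MS17-010 package present: $($installed -join ', ')"
} else {
    Write-Warning "No MS17-010 package found by KB number. Check Windows Update history for a superseding cumulative update before treating this host as unpatched."
}

$smb1 = Get-Smb1State
if ($smb1.ServerEnabled -or $smb1.FeatureState -eq 'Enabled') {
    Write-Warning "SMBv1 is still enabled. Disable it with:"
    Write-Host "  Set-SmbServerConfiguration -EnableSMB1Protocol `$false -Force"
    Write-Host "  Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart"
} else {
    Write-Host "SMBv1 is disabled."
}
```

Disabling SMBv1 is worth doing even on patched hosts, because the patch only fixes this particular bug in a protocol version Microsoft itself has deprecated; check first that no legacy printer, NAS or scanner on the network still depends on it.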
But despite that, and despite all the attention WannaCry's assaults received, people still haven't patched all of their systems, and now we get to deal with Petya-infected PCs whose disks have been rendered unusable. As Maya Horowitz, Check Point's threat intelligence group manager, said in the aftermath of WannaCry, "That's something that will keep happening in the future where people can copy and paste malware, copy the NSA code and that's what you get -- worldwide catastrophe. More and more things like that will happen."
As Rafe Pilling, senior security researcher at SecureWorks Counter Threat Unit, added before this latest mess, "It's quite common for ... systems to run older versions of operating systems which go unpatched, run old applications, use shared logins, that sort of stuff, all of which creates an environment which is more susceptible to this sort of thing"...
- Tags:
- Advanced Encryption Standard (AES)-128 key
- BleepingComputer
- Check Point
- Cisco
- data management
- David Kennedy
- encrypted hard drives
- EternalBlue
- GoldenEye
- Kaspersky
- leaked NSA hacker tool
- LSADump
- Master Boot Record (MBR)
- Master File Table (MFT)
- Maya Horowitz
- MeDoc
- Microsoft Operations Manager (MOM)
- Microsoft's March MS17-010
- National Security Agency (NSA)
- NSA code
- Petya
- Psexec
- Rafe Pilling
- ransomware
- RSA-2048 key
- SecureWorks Counter Threat Unit
- Steven J. Vaughan-Nichols
- System Center Operations Manager
- system disk check program (CHKDSK)
- Talos security
- TrustedSec
- unpatched Windows machines
- WannaCry
- Windows Management Instrumentation (WMI)
- Windows Remote Management
- Windows Security Account Manager (SAM) database
- Windows Server Message Block version 1 (SMBv1) networking protocol