LINE

Text:AAAPrint
Sci-tech

Kaspersky Lab: new ransomware attack 'likely to grow even more'

1
2017-06-29 08:41:36Xinhua Gu Liping ECNS App Download

Kaspersky Lab said Wednesday that the new ransomware attack that started a day ago "is likely to grow even more."

In an updated blog posting, the multinational cybersecurity and anti-virus services provider said its experts concluded that the new malware is significantly different from all earlier known versions of Petya, a family of encrypting ransomware that was first discovered in 2016.

Petya targets Microsoft Windows-based software systems, infecting the master boot record to execute a payload that encrypts the file table with the New Technology File System (NTFS) format, which is used by current Windows versions for storing and retrieving files on a hard disk or other data storage devices, demanding a payment in Bitcoin in order to regain access to the system.

Unofficially, the author of the posting noted, "we've named it ExPetr or NotPetya."

"The attack appears to be complex, involving several attack vectors," according to the posting. "We can confirm that a modified EternalBlue exploit is used for propagation, at least within corporate networks."

EternalBlue, generally believed to have been developed by the U.S. National Security Agency (NSA) to exploit a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, was made available on the internet by the Shadow Brokers hacker group on April 14.

Although it was patched by Microsoft on March 14, EternalBlue was used as part of the worldwide WannaCry ransomware attack on May 12.

As in the WannaCry case, the attacker behind the new ransomware tried to extort payment equivalent to 300 U.S. dollars in Bitcoin, a cryptocurrency, from its victims for what the attacker called a "decryption key."

However, notifying it does not advocate paying the ransom, Kaspersky Lab said German email service provider Posteo has already shut down the email address that victims were supposed to use to contact blackmailers and send Bitcoins, and from which they would receive decryption keys; therefore, with the email address blocked, victims won't be able to pay the criminals or get their files back.

While the cybercriminals behind the new ransomware target mostly big enterprises, and home users seem to be less affected by the threat, Kaspersky Lab recommends its customers to back up data, manually update the antivirus databases and install all security updates for Windows.

  

Related news

MorePhoto

Most popular in 24h

MoreTop news

MoreVideo

News
Politics
Business
Society
Culture
Military
Sci-tech
Entertainment
Sports
Odd
Features
Biz
Economy
Travel
Travel News
Travel Types
Events
Food
Hotel
Bar & Club
Architecture
Gallery
Photo
CNS Photo
Video
Video
Learning Chinese
Learn About China
Social Chinese
Business Chinese
Buzz Words
Bilingual
Resources
ECNS Wire
Special Coverage
Infographics
Voices
LINE
Back to top Links | About Us | Jobs | Contact Us | Privacy Policy
Copyright ©1999-2018 Chinanews.com. All rights reserved.
Reproduction in whole or in part without permission is prohibited.