
Ransomware Recap: Petya Ransomware Outbreak Shakes Europe

June 28, 2017

Petya (detected by Trend Micro as RANSOM_PETYA.SMA) is spreading across Europe, successfully infecting, and disrupting, a number of businesses, government departments, and utility providers. Its success can be attributed to its use of the PsExec tool and the Windows Management Instrumentation Command-line (WMIC) as infection vectors, with the EternalBlue SMB exploit, previously used by the WannaCry ransomware and the fileless ransomware UIWIX, as a second option. The first two open up a number of possibilities, since both are legitimate Microsoft administration tools that run commands on other computers: if an infected device holds credentials with administrator rights on other machines, the ransomware can spread to every computer on the same network that accepts them. This path does not depend on the SMB vulnerability, so patching alone does not stop it.
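As an added example (not code from the original post), the following PowerShell flags process-creation command lines that match the remote-execution pattern described above. The event records are constructed sample data embedded in the script; on a real host they would come from Security event 4688 (with command-line auditing enabled) or Sysmon event 1 via Get-WinEvent. The host names, user names and DLL path in the samples are hypothetical.

```powershell
# Added example, not code from the original post. Flags command lines that look like the
# PsExec/WMIC lateral movement used by Petya. The sample events below are constructed data.

function Test-LateralMovementCommandLine {
    param([Parameter(Mandatory)][string]$CommandLine)

    # WMIC remote process creation: wmic /node:<host> ... process call create "<payload>"
    if ($CommandLine -match 'wmic(\.exe)?\s.*/node:.*process\s+call\s+create') {
        return 'WMIC remote process create'
    }
    # PsExec (or its service half, PSEXESVC) run against a UNC target
    if ($CommandLine -match '(psexec|psexesvc)(\.exe)?\s+\\\\[^\s]+') {
        return 'PsExec remote execution'
    }
    # rundll32 starting a DLL that was dropped on an admin share
    if ($CommandLine -match 'rundll32(\.exe)?\s+.*\\\\[^\s]+\\(admin\$|c\$)\\') {
        return 'rundll32 loading DLL from admin share'
    }
    return $null
}

function Get-SuspiciousLateralMovement {
    param([Parameter(Mandatory)][object[]]$Events)
    foreach ($e in $Events) {
        $reason = Test-LateralMovementCommandLine -CommandLine $e.CommandLine
        if ($reason) {
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                Computer    = $e.Computer
                User        = $e.User
                Reason      = $reason
                CommandLine = $e.CommandLine
            }
        }
    }
}

# Constructed sample records mimicking the fields of Security event 4688 / Sysmon event 1.
# In production build them from e.g. Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688}
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated='2017-06-27T10:12:01'; Computer='WS01'; User='CORP\jdoe';
        CommandLine='"C:\Windows\System32\notepad.exe" C:\Users\jdoe\notes.txt' }
    [pscustomobject]@{ TimeCreated='2017-06-27T10:12:44'; Computer='WS01'; User='CORP\svc_admin';
        CommandLine='wmic.exe /node:"WS02" /user:"CORP\svc_admin" /password:"REDACTED" process call create "C:\Windows\System32\rundll32.exe C:\Windows\payload.dll,#1 60"' }
    [pscustomobject]@{ TimeCreated='2017-06-27T10:13:10'; Computer='WS01'; User='CORP\svc_admin';
        CommandLine='psexec.exe \\WS03 -accepteula -s -d C:\Windows\System32\rundll32.exe C:\Windows\payload.dll,#1 60' }
    [pscustomobject]@{ TimeCreated='2017-06-27T10:13:12'; Computer='WS02'; User='CORP\svc_admin';
        CommandLine='rundll32.exe \\WS02\admin$\payload.dll,#1 60' }
)

# Expected: the last three records are reported, the notepad launch is not.
Get-SuspiciousLateralMovement -Events $SampleEvents | Format-Table -AutoSize -Wrap
```

Legitimate administration with PsExec or WMIC will also match these patterns, so in a real detection the hits should be correlated: one source account reaching many targets within a short window, paired with network logons (event 4624, logon type 3) using the same credential, is the shape of an outbreak rather than of routine maintenance.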

Similar to WannaCry, Petya uses a single hardcoded Bitcoin address, and the attackers validate payments through email. This is particularly problematic now that the email provider has deactivated the account linked to this ransomware: even victims who pay have no channel through which to obtain a key. Our analysis of the infection flow provides further detail.

Figure 1. Petya ransom note

Users and organizations are advised to take the following mitigation steps immediately to prevent infection:

  • Apply Microsoft's security patch MS17-010 (and disable SMBv1 where it is not needed, since that is the protocol the exploit targets)
  • Block TCP port 445 (SMB) at the network perimeter and on hosts that do not need to serve file shares, so the exploit cannot be delivered
  • Restrict membership of the Administrators group and do not reuse administrative credentials across machines; the PsExec/WMIC spread path works with any credential that has administrator rights on the target, patched or not
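The three steps above as a host audit in PowerShell, added here as an example and not part of the original post. It is meant for an elevated Windows PowerShell 5.1 session on Windows 8.1 / Server 2012 R2 or later. The KB list is the set of March 2017 update IDs that delivered MS17-010 for the Windows versions then supported; the firewall rule name in Block-Port445Inbound is an arbitrary choice for this example.

```powershell
# Added example, not from the original post: audit a host against the three mitigations above.
# Requires an elevated Windows PowerShell 5.1 session (Windows 8.1 / Server 2012 R2 or later).

# March 2017 update IDs that shipped MS17-010 (security-only and monthly rollup, per Windows version).
# A later cumulative update supersedes these without listing them, so a miss means "verify", not "vulnerable".
$Ms17010Kbs = @('KB4012212','KB4012213','KB4012214','KB4012215','KB4012216','KB4012217',
                'KB4012598','KB4012606','KB4013198','KB4013429')

function Test-Ms17010Installed {
    $hits = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
    return [bool]$hits
}

function Test-Smb1Disabled {
    # MS17-010 fixes SMBv1; turning SMBv1 off removes the attack surface regardless of patch state.
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    if ($null -eq $cfg) { return $false }   # cmdlet absent (older Windows): cannot confirm, treat as enabled
    return (-not $cfg.EnableSMB1Protocol)
}

function Test-Port445Blocked {
    # True if any enabled inbound firewall rule blocks TCP 445.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue
    foreach ($rule in $rules) {
        $port = $rule | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'TCP' -and ($port.LocalPort -contains '445')) { return $true }
    }
    return $false
}

function Block-Port445Inbound {
    # Remediation for hosts that do not need to serve SMB (file servers and domain controllers do).
    # The display name is an arbitrary choice for this example.
    if (-not (Test-Port445Blocked)) {
        New-NetFirewallRule -DisplayName 'Block inbound SMB (TCP 445)' -Direction Inbound `
            -Protocol TCP -LocalPort 445 -Action Block | Out-Null
    }
}

function Get-LocalAdministrators {
    # Every principal here is a credential PsExec/WMIC can use to push the ransomware onto this host;
    # domain groups nested here are what let one stolen password reach many machines.
    Get-LocalGroupMember -Group 'Administrators' -ErrorAction SilentlyContinue |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Get-PetyaMitigationStatus {
    [pscustomobject]@{
        MS17010Installed = Test-Ms17010Installed
        SMB1Disabled     = Test-Smb1Disabled
        Port445Blocked   = Test-Port445Blocked
        LocalAdmins      = (Get-LocalAdministrators | ForEach-Object { $_.Name }) -join ', '
    }
}

Get-PetyaMitigationStatus | Format-List
```

If SMB1Disabled comes back false, `Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force` turns the server side off immediately, and `Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol` removes the component entirely (reboot required). Blocking port 445 on a workstation also breaks inbound admin shares and remote management of that machine, which is exactly what it is meant to do.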

Mobile ransomware variants resurface

Apart from Petya, mobile ransomware also seems to be taking notes from WannaCry. Early this month, a new variant of SLocker (detected by Trend Micro as ANDROIDOS_SLOCKER.OPST) surfaced that mimics the WannaCry interface. SLocker is an older mobile ransomware family that has been quite active these past few months. It is notable for being one of the few mobile families that actually encrypts files rather than simply locking the screen.


Figure 2. SLocker copying the WannaCry GUI

Luckily, this variant's distribution was limited, and its life was cut short when decryption tools were published soon after its detection.

Koler (detected by Trend Micro as ANDROIDOS_LOCKER.AXBO) is another mobile ransomware that surfaced this week. It is distributed through targeted ads and impersonates a popular porn app to get users to download it.

Once installation is in progress, the app asks the user for permissions to finish installing; granting them actually gives the ransomware device administrator rights, which also make it harder to uninstall. It then displays an FBI-themed screenlocker and tries to intimidate the victim with a law enforcement scare tactic.

Other ransomware developments

One more ransomware detected this week is RANSOM_CRYPAYSAVE, an MSIL (.NET) compiled variant that is still in development. The authors demand payment in paysafecard, a prepaid voucher service marketed for secure online payment; for victims it is a much more convenient mode of payment than Bitcoin.

Another ransomware that tries to stand out is GPAA (detected by Trend Micro as RANSOM_GPAA), which capitalizes on the Cerber name by appending a .cerber6 extension to encrypted files to scare victims. This ransomware poses as the Global Poverty Aid Agency (GPAA) and first asks victims for Bitcoin donations before reverting to typical ransomware behavior and demanding payment in exchange for decryption.



Figure 3. GPAA impersonating a charity

As this week brings yet another major ransomware outbreak, users are reminded to stay vigilant and to apply the patches vendors release for their products promptly. Comprehensive and effective solutions are also necessary to protect against this evolving and growing threat.

Ransomware Solutions

Enterprises can benefit from a multi-layered, step-by-step approach to best mitigate the risks brought by these threats. Email and web gateway solutions such as Trend Micro Deep Discovery Email Inspector and InterScan Web Security prevent ransomware from ever reaching end users. At the endpoint level, Trend Micro Smart Protection Suites deliver several capabilities, such as high-fidelity machine learning, behavior monitoring and application control, and vulnerability shielding, that minimize the impact of this threat. Trend Micro Deep Discovery Inspector detects and blocks ransomware on networks, while Trend Micro Deep Security stops ransomware from reaching enterprise servers, whether physical, virtual, or in the cloud.

For small businesses, Trend Micro Worry-Free Services Advanced offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers capabilities such as behavior monitoring and real-time web reputation to detect and block ransomware.

For home users, Trend Micro Security 10 provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat.

Users can likewise take advantage of our free tools: a screen-locker removal tool, designed to detect and remove screen-locker ransomware, and a file decryptor, which can decrypt files encrypted by certain crypto-ransomware variants without paying the ransom or having the attacker's decryption key.


Posted in Cybercrime & Digital Threats