Saturday, 1 July 2017

TA17-181A: Petya Ransomware

Source: www.us-cert.gov --- Friday, June 30, 2017
Original release date: July 01, 2017

Systems Affected

Microsoft Windows operating systems

Overview

On June 27, 2017, NCCIC was notified of Petya ransomware events occurring in multiple countries and affecting multiple sectors. Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable.

The NCCIC Code Analysis Team produced a Malware Initial Findings Report (MIFR) to provide in-depth technical analysis of the malware. In coordination with public and private sector partners, NCCIC is also providing additional IOCs in comma-separated-value form for information sharing purposes.

Available Files:

MIFR-10130295.pdf
TA-17-181A_IOCs.csv

The scope of this Alert’s analysis is limited to the newest “Petya” variant that surfaced June 27, 2017, and this malware is referred to as “Petya” throughout this Alert.

Description

Based on initial reporting, this Petya campaign involves multiple methods of initial infection and propagation, including exploiting vulnerabilities in Server Message Block (SMB). Microsoft released a security update for the MS17-010 vulnerability on March 14, 2017. Background information on ransomware infections is provided in US-CERT Alert TA16-091A.

Technical Details

US-CERT received a sample of this Petya ransomware variant and performed a detailed malware analysis. The team found that this Petya variant encrypts the victim’s files with a dynamically generated, 128 ...



from Windows http://ift.tt/2sc19Y0
