On June 27th 2017 the world was hit by another large-scale ransomware attack targeting Windows computers running the SMB protocol, using the exact same vector as the WannaCry attack that took place in May. Dubbed NotPetya, it started its infection in Ukraine within a Ukrainian accountancy software developer and spread to companies in Russia and Western Europe, and has now made its way to the USA.
So what is NotPetya? In short, it is ransomware designed to target Windows-based systems and lock down their hard drives until a $300 ransom has been paid; following the payment, a key is supposed to be provided to unlock the hard drive. It is designed off a known existing piece of malware called Petya, hence the name “NotPetya”.
How are NotPetya and WannaCry similar? WannaCry was based off of a tool called “Eternal Blue”, designed by the NSA, yes, the NSA of America. This tool was stolen by a hacking group called The Shadow Brokers, who went on to sell the source code to Eternal Blue on the darknet.
NotPetya is based off an older piece of code called Petya, which was discovered by Check Point in 2016; not much is known of where Petya started or who developed it. But yesterday we got to see the full force of it, as the NotPetya malware derived from Petya wreaked havoc across Europe.
NotPetya and WannaCry are both based off of a similar attack vector: the use of a vulnerability in the SMB protocol, which is commonly left enabled on every Windows PC and so makes it the perfect way to spread unnoticed. Once the malware has access to a computer it begins to encrypt the hard drive, which can only be decrypted when a key is provided. The major difference between the two is that they are based off of two completely different pieces of source code, and this time there is no kill switch in the code.
Am I vulnerable and what can I do? Most Windows computers are susceptible to this attack and should be updated to the latest security patches provided by Windows. As an extra security precaution you should also update your antivirus databases, or get yourself an antivirus if you do not have one.