Our security partner Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer networks. It appears to be using the ‘EternalBlue’ exploit which May’s WannaCry attack also exploited. It was first signaled by attacks on financial institutions in the Ukraine, but soon started spreading more widely, particularly across Europe, the Americas and Asia.
The ransomware is propagating fast across business networks in the same way WannaCry did in May. However, unlike other ransomware types including WannaCry, Petya does not encrypt files on infected machines individually: instead it locks up the machine’s entire hard disk drive.
Read Check Point's Blog post to learn:
- How the attack happened
- Key takeaways from the attack
- Best practices for protecting yourself and your organisation