Big cyber attack in Ukraine goes global

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP

Today (CEST), ESET researchers have begun investigating another massive global ransomware epidemic following the WannaCry and XData/AES-NI outbreaks.

The ransomware appears to be a version of Petya. If it successfully infects the MBR, it will encrypt the whole drive itself. Otherwise, it encrypts all files, like Mischa.

For spreading, it appears to be using a combination of the SMB exploit (EternalBlue) used by WannaCry for getting inside the network and then spreading through PsExec for spreading within the network. This dangerous combination may be the reason why this outbreak has spread globally and rapidly, even after the previous outbreaks have generated media headlines and, hopefully, most vulnerabilities have been patched. It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.

  See also


Outbreak appears to have started in Ukraine – Patient Zero

The outbreak appears to have started in Ukraine, where reports indicate the financial sector, energy sector and numerous other industries have been hit. The scope of the damage caused to the energy sector is not yet confirmed, and there have been no reports of a power outage – as was the case previously with the infamous Industroyer malware.”

ESET has published a blog on where additional information about this attack can be found.

Update from ESET since the above statement:
ESET researchers have located the point from which this global epidemic has all started. Attackers have successfully compromised the accounting software M.E.Doc, popular across various industries in Ukraine, including financial institutions.

Several of them executed a Trojanised update of M.E.Doc, which allowed attackers to launch the massive ransomware campaign today, which spread across the whole country and to the whole world. M.E.Doc has today released a warning on its Web site:

Editorial contacts

Bianca Gardella
(021) 461 5178
This e-mail address is being protected from spambots, you need JavaScript enabled to view it


Our comments policy does not allow anonymous postings. Read the policy here