IT disaster recovery, cloud computing and information security news

Global ransomware attack may actually be a precursor to a more virulent future event

While the ransomware attack currently in the headlines has been linked to the Petya ransomware, emerging evidence suggests that the attack is based on a new type of ransomware, which may be serving as a probe for a future, more aggressive attack.

Kaspersky Lab analysts have investigated the ransomware and preliminary findings suggest that it is not a variant of Petya. While it has several strings similar to Petya, it possesses entirely different functionality. Kaspersky Lab has named the new ransomware ‘ExPetr’.

Fortinet’s security research team, FortiGuard Labs, is calling the ransomware a new Petya variant and believes that this attack may mainly be a test for delivering future attacks targeted at newly disclosed vulnerabilities. FortiGuard Labs says that in spite of the highly publicised disclosure of the Microsoft vulnerabilities and patches following WannaCry, there are still countless organizations, including those managing critical infrastructure, that have failed to patch their devices.

An interesting aspect of the current attack, according to FortiGuard Labs, is that once a vulnerable device has been targeted, the ransomware appears to impair the Master Boot Record (MBR) during the infection cycle. With most ransomware attacks the only potential loss is data. Because the new Petya variant alters the Master Boot Record, the risk is the loss of the entire system. In addition, it initiates a reboot of the system on a one-hour cycle, adding a denial of service element to the attack.

Extent of the current outbreak

Kaspersky Lab’s telemetry data indicates around 2,000 attacked users so far. Organizations in Russia and the Ukraine are the most affected, and attacks have also been registered in Poland, Italy, the UK, Germany, France, the US and several other countries.


