New 'ransomware' attack uses the same vulnerability as WannaCry

A new computer virus it is spreading threatening thousands of organizations and companies around the world. The systems of the Central Bank of Ukraine or the Russian oil company Rosneft have been compromised, as have several multinationals with a presence in Spain such as the pharmaceutical company MSD or the food company Mondelez.

The highest number of infections with 60% and 30% from computers globally affected by the cyberattack is concentrated in Ukraine and Russia, according to preliminary analyzes shared by Costin Raiu, director of the analysis and research team at Kaspersky Lab, a multinational company specialized in Informatic security.

Petya será otro incidente mundial gracias a que las organizaciones no han parcheado”, dice el experto en ciberseguridad Kevin Beaumont

This new cyber attack, which according to several sources of a variant of the virus known as Petya, replicates the modus operandi of WannaCry by exploiting a vulnerability in the network sharing protocol of Windows operating systems called EternalBlue, analysts at the computer security company Symantec have confirmed. However, preliminary analysis by Kaspersky indicates that it is a ransomwareunknown until now. They have decided to call it NotPetya.

Microsoft lanzó un parche de seguridad “crítico” el 14 de marzo, antes de que el grupo ShadowBrokers filtrara esta vulnerabilidad, usada en secreto por la Agencia Nacional de Seguridad de los Estados Unidos para obtener información. Pero affected organizations had not yet applied it although the virus spread two months later. In some cases, quick patching is a very expensive task for the companies.

The Spanish National Cryptological Center has confirmed that the cyberattack has affected several companies in Spain and recommends as prevention and mitigation measures updating the operating system and security solutions, restricting access from outside the organization, unless using secure protocols, and disabling macro functions in Microsoft Office documents.

“Es como si al ejército de Estados Unidos le robaran misiles Tomahawk”, dijo Brad Smith, presidente de Microsoft en relación con la filtración de herramientas informáticas de ofensa almacenadas por naciones.

Petya será otro incidente mundial gracias a que las organizaciones no han parcheado”, dice el experto en ciberseguridad Kevin Beaumont.

La propagación de WannaCry se detuvo gracias al ingenio de dos jóvenes expertos y un simple dominio web valorado 10 euros. Pero Petya es diferente. “Por cierto, no podemos parar esto, no hay interruptor de la muerte”, ha dicho el experto en seguridad “2sec4u”.

The dangerous of ransomware It was not the code that encrypts the files and asks for a ransom, but the worm that spreads it and uses the EternalBlue vulnerability. Petya is also divided into two parts: the one that asks for the ransom and the one that makes it spread through local networks.

Instead of encrypting files one by one like WannaCry, Petya reboots the victim's computer and encrypts the master file table on the hard drive and renders the partition in charge of booting the system unusable by replacing it with a code that displays the warning. of the rescue.