New 'ransomware' attack uses the same vulnerability as WannaCry
This new cyberattack exploits a weakness in the network sharing protocol of Windows operating systems
A new computer virus is spreading, threatening thousands of organizations and companies around the world. The systems of the Central Bank of Ukraine and the Russian oil company Rosneft have been compromised, as have several multinationals with a presence in Spain, such as the pharmaceutical company MSD and the food company Mondelez.
The highest numbers of infections are concentrated in Ukraine and Russia, with 60% and 30% of the computers affected globally by the cyberattack, according to preliminary analyses shared by Costin Raiu, director of the analysis and research team at Kaspersky Lab, a multinational company specializing in computer security.
"Petya will be another global incident thanks to organizations not patching," says cybersecurity expert Kevin Beaumont.
This new cyberattack, which according to several sources is a variant of the virus known as Petya, replicates the modus operandi of WannaCry by exploiting a vulnerability, called EternalBlue, in the network sharing protocol of Windows operating systems, analysts at the computer security company Symantec have confirmed. However, preliminary analysis by Kaspersky indicates that it is a ransomware unknown until now. They have decided to call it NotPetya.
Microsoft released a "critical" security patch on March 14, before the ShadowBrokers group leaked this vulnerability, which was secretly used by the US National Security Agency to obtain information. But the affected organizations had not yet applied it, even though the virus spread two months later. In some cases, quick patching is a very expensive task for companies.
The Spanish National Cryptological Center has confirmed that the cyberattack has affected several companies in Spain. As prevention and mitigation measures, it recommends updating the operating system and security solutions, restricting access from outside the organization unless secure protocols are used, and disabling macro functions in Microsoft Office documents.
"It's as if Tomahawk missiles are stolen from the United States military," said Brad Smith, president of Microsoft, of the leak of offensive computer tools stored by nations.
The spread of WannaCry was stopped thanks to the ingenuity of two young experts and a simple web domain valued at 10 euros. But Petya is different. "By the way, we can't stop this, there is no kill switch," said security expert "2sec4u."
The dangerous part of the ransomware was not the code that encrypts the files and asks for a ransom, but the worm that spreads it and uses the EternalBlue vulnerability. Petya is also divided into two parts: the one that asks for the ransom and the one that makes it spread through local networks.
Instead of encrypting files one by one like WannaCry, Petya reboots the victim's computer and encrypts the master file table on the hard drive. It also renders the partition in charge of booting the system unusable by replacing it with code that displays the ransom warning.